Windows Analysis Report
FXdg37pY22.exe

Overview

General Information

Sample name: FXdg37pY22.exe
renamed because original name is a hash value
Original sample name: 558a2574865079a1c4d69350493310df.exe
Analysis ID: 1581380
MD5: 558a2574865079a1c4d69350493310df
SHA1: e76374501315596dc32eebe8833cf1d8efeccba8
SHA256: 6c2b5ad84731b310763f541ff0b9e21b5dd698fba32e24e33dbed9278dd7b4c8
Tags: exe, user-abuse_ch
Infos:

Detection

LummaC Stealer
Score: 88
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Sample uses string decryption to hide its real strings
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
Sample execution stops while process was sleeping (likely an evasion)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • FXdg37pY22.exe (PID: 7532 cmdline: "C:\Users\user\Desktop\FXdg37pY22.exe" MD5: 558A2574865079A1C4D69350493310DF)
    • conhost.exe (PID: 7540 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
{"C2 url": ["covery-mover.biz", "impend-differ.biz", "zinc-sneark.biz", "print-vexer.biz", "se-blurry.biz", "dare-curbys.biz", "formy-spill.biz", "dwell-exclaim.biz"], "Build id": "H8NgCl--modie"}
Source | Rule | Description | Author | Strings
decrypted.memstr | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
    No Sigma rule has matched
    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
    2024-12-27T14:45:35.926885+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49730 | 23.55.153.106 | 443 | TCP
    2024-12-27T14:45:33.083733+0100 | 2057973 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 58261 | 1.1.1.1 | 53 | UDP
    2024-12-27T14:45:33.891288+0100 | 2057975 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 60037 | 1.1.1.1 | 53 | UDP
    2024-12-27T14:45:33.509952+0100 | 2057979 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 60031 | 1.1.1.1 | 53 | UDP
    2024-12-27T14:45:33.748806+0100 | 2057977 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 62685 | 1.1.1.1 | 53 | UDP
    2024-12-27T14:45:34.177839+0100 | 2057969 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 57375 | 1.1.1.1 | 53 | UDP
    2024-12-27T14:45:34.033916+0100 | 2057971 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 54146 | 1.1.1.1 | 53 | UDP
    2024-12-27T14:45:33.227398+0100 | 2057983 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 50121 | 1.1.1.1 | 53 | UDP
    2024-12-27T14:45:33.368984+0100 | 2057981 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 52052 | 1.1.1.1 | 53 | UDP
    2024-12-27T14:45:36.743987+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49730 | 23.55.153.106 | 443 | TCP

    AV Detection

    Source: 00000000.00000003.1681706178.0000000001241000.00000004.00000020.00020000.00000000.sdmp | Malware Configuration Extractor: LummaC {"C2 url": ["covery-mover.biz", "impend-differ.biz", "zinc-sneark.biz", "print-vexer.biz", "se-blurry.biz", "dare-curbys.biz", "formy-spill.biz", "dwell-exclaim.biz"], "Build id": "H8NgCl--modie"}
    Source: FXdg37pY22.exe | Virustotal: Detection: 66%
    Source: FXdg37pY22.exe | ReversingLabs: Detection: 68%
    Source: Submitted Sample | Integrated Neural Analysis Model: Matched 87.5% probability
    Source: FXdg37pY22.exe | Joe Sandbox ML: detected
    Source: 00000000.00000003.1681706178.0000000001241000.00000004.00000020.00020000.00000000.sdmp | String decryptor:
      impend-differ.biz
      print-vexer.biz
      dare-curbys.biz
      covery-mover.biz
      formy-spill.biz
      dwell-exclaim.biz
      zinc-sneark.biz
      se-blurry.biz
      lid=%s&j=%s&ver=4.0
      TeslaBrowser/5.5
      - Screen Resoluton:
      - Physical Installed Memory:
      Workgroup: -
      H8NgCl--modie
    Source: FXdg37pY22.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
    Source: unknown | HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.4:49730 version: TLS 1.2
    Source: FXdg37pY22.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT

    Networking

    Source: Network traffic | Suricata IDS: 2057935 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz) : 192.168.2.4:57375 -> 1.1.1.1:53
    Source: Network traffic | Suricata IDS: 2057969 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz) : 192.168.2.4:57375 -> 1.1.1.1:53
    Source: Network traffic | Suricata IDS: 2057927 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz) : 192.168.2.4:60037 -> 1.1.1.1:53
    Source: Network traffic | Suricata IDS: 2057975 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz) : 192.168.2.4:60037 -> 1.1.1.1:53
    Source: Network traffic | Suricata IDS: 2057931 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz) : 192.168.2.4:62685 -> 1.1.1.1:53
    Source: Network traffic | Suricata IDS: 2057977 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz) : 192.168.2.4:62685 -> 1.1.1.1:53
    Source: Network traffic | Suricata IDS: 2057949 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz) : 192.168.2.4:52052 -> 1.1.1.1:53
    Source: Network traffic | Suricata IDS: 2057981 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz) : 192.168.2.4:52052 -> 1.1.1.1:53
    Source: Network traffic | Suricata IDS: 2057925 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz) : 192.168.2.4:58261 -> 1.1.1.1:53
    Source: Network traffic | Suricata IDS: 2057973 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz) : 192.168.2.4:58261 -> 1.1.1.1:53
    Source: Network traffic | Suricata IDS: 2057943 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz) : 192.168.2.4:54146 -> 1.1.1.1:53
    Source: Network traffic | Suricata IDS: 2057971 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz) : 192.168.2.4:54146 -> 1.1.1.1:53
    Source: Network traffic | Suricata IDS: 2057945 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz) : 192.168.2.4:50121 -> 1.1.1.1:53
    Source: Network traffic | Suricata IDS: 2057929 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz) : 192.168.2.4:60031 -> 1.1.1.1:53
    Source: Network traffic | Suricata IDS: 2057983 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz) : 192.168.2.4:50121 -> 1.1.1.1:53
    Source: Network traffic | Suricata IDS: 2057979 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz) : 192.168.2.4:60031 -> 1.1.1.1:53
    Source: Network traffic | Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:49730 -> 23.55.153.106:443
    Source: Malware configuration extractor | URLs: covery-mover.biz
    Source: Malware configuration extractor | URLs: impend-differ.biz
    Source: Malware configuration extractor | URLs: zinc-sneark.biz
    Source: Malware configuration extractor | URLs: print-vexer.biz
    Source: Malware configuration extractor | URLs: se-blurry.biz
    Source: Malware configuration extractor | URLs: dare-curbys.biz
    Source: Malware configuration extractor | URLs: formy-spill.biz
    Source: Malware configuration extractor | URLs: dwell-exclaim.biz
    Source: Joe Sandbox View | IP Address: 23.55.153.106
    Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49730 -> 23.55.153.106:443
    Source: global traffic | HTTP traffic detected:
      GET /profiles/76561199724331900 HTTP/1.1
      Connection: Keep-Alive
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
      Host: steamcommunity.com
    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global traffic | DNS traffic detected: DNS query: covery-mover.biz
    Source: global traffic | DNS traffic detected: DNS query: se-blurry.biz
    Source: global traffic | DNS traffic detected: DNS query: zinc-sneark.biz
    Source: global traffic | DNS traffic detected: DNS query: dwell-exclaim.biz
    Source: global traffic | DNS traffic detected: DNS query: formy-spill.biz
    Source: global traffic | DNS traffic detected: DNS query: dare-curbys.biz
    Source: global traffic | DNS traffic detected: DNS query: print-vexer.biz
    Source: global traffic | DNS traffic detected: DNS query: impend-differ.biz
    Source: global traffic | DNS traffic detected: DNS query: steamcommunity.com
    Source: FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
    Source: FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81
    Source: FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi
    Source: FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
    Source: FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
    Source: FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
    Source: FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
    Source: FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
    Source: FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
    Source: FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
    Source: FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
    Source: FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
    Source: FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
    Source: FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
    Source: FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
    Source: FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
    Source: FXdg37pY22.exeString found in binary or memory: https://gcc.gnu.org/bugs/):
    Source: FXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
    Source: FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
    Source: FXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
    Source: FXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
    Source: FXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
    Source: FXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
    Source: FXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
    Source: FXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
    Source: FXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
    Source: FXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
    Source: FXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
    Source: FXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
    Source: FXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
    Source: FXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
    Source: FXdg37pY22.exe, 00000000.00000002.1984398391.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720971980.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com
    Source: FXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: FXdg37pY22.exe, 00000000.00000002.1984435287.0000000000D93000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720862280.0000000000D91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/kn
    Source: FXdg37pY22.exe, 00000000.00000002.1984398391.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720971980.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: FXdg37pY22.exe, 00000000.00000002.1984435287.0000000000D93000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720862280.0000000000D91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
    Source: FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: FXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: FXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
    Source: FXdg37pY22.exe, 00000000.00000003.1720862280.0000000000DC8000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720820653.0000000000DC8000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
    Source: FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: FXdg37pY22.exe, 00000000.00000002.1984398391.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720971980.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop
    Source: FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: FXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: FXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
    Source: FXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
    Source: FXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
    Source: FXdg37pY22.exe, 00000000.00000003.1720862280.0000000000D91000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: FXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
    Source: FXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
    Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
    Source: unknown HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.4:49730 version: TLS 1.2
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Code function: 0_2_00C91A30 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard, 0_2_00C91A30
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Code function: 0_2_00C91BB0 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt, 0_2_00C91BB0
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Code function: String function: 00C68000 appears 55 times
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Code function: String function: 00912610 appears 86 times
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Code function: String function: 00C74A30 appears 76 times
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Code function: String function: 008B214F appears 37 times
    Source: FXdg37pY22.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
    Source: classification engine Classification label: mal88.troj.winEXE@2/1@9/1
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Code function: 0_2_00C90A6C CoCreateInstance,0_2_00C90A6C
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Code function: 0_2_008C68D8 GetModuleHandleA,FindResourceA,LoadResource,LockResource,0_2_008C68D8
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7540:120:WilError_03
    Source: FXdg37pY22.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: FXdg37pY22.exe Virustotal: Detection: 66%
    Source: FXdg37pY22.exe ReversingLabs: Detection: 68%
    Source: C:\Users\user\Desktop\FXdg37pY22.exe File read: C:\Users\user\Desktop\FXdg37pY22.exe
    Source: unknown Process created: C:\Users\user\Desktop\FXdg37pY22.exe "C:\Users\user\Desktop\FXdg37pY22.exe"
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Section loaded: apphelp.dll
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Section loaded: winhttp.dll
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Section loaded: ondemandconnroutehelper.dll
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Section loaded: webio.dll
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Section loaded: mswsock.dll
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Section loaded: winnsi.dll
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Section loaded: sspicli.dll
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Section loaded: dnsapi.dll
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Section loaded: rasadhlp.dll
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Section loaded: fwpuclnt.dll
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Section loaded: schannel.dll
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Section loaded: mskeyprotect.dll
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Section loaded: ntasn1.dll
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Section loaded: ncrypt.dll
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Section loaded: ncryptsslp.dll
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Section loaded: msasn1.dll
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Section loaded: cryptsp.dll
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Section loaded: rsaenh.dll
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Section loaded: cryptbase.dll
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Section loaded: gpapi.dll
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Section loaded: dpapi.dll
    Source: FXdg37pY22.exe Static PE information: DYNAMIC_BASE, NX_COMPAT
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Code function: 0_2_008BDE7C GetModuleHandleW,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,0_2_008BDE7C
    Source: FXdg37pY22.exe Static PE information: real checksum: 0x8fb6f should be: 0xdc618
    Source: C:\Users\user\Desktop\FXdg37pY22.exe API coverage: 3.9 %
    Source: C:\Users\user\Desktop\FXdg37pY22.exe TID: 7584 Thread sleep time: -30000s >= -30000s
    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
    Source: FXdg37pY22.exe, 00000000.00000003.1720862280.0000000000DB6000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000002.1984435287.0000000000DB6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW7
    Source: FXdg37pY22.exe, 00000000.00000003.1720862280.0000000000DB6000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000002.1984435287.0000000000DB6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
    Source: FXdg37pY22.exe, 00000000.00000002.1984315737.0000000000D4E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWh
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Code function: 0_2_00C9B480 LdrInitializeThunk,0_2_00C9B480
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Code function: 0_2_008C1866 _strdup,free,IsDebuggerPresent,RaiseException,0_2_008C1866
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Code function: 0_2_008BDE7C GetModuleHandleW,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,0_2_008BDE7C
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Code function: 0_2_008B1127 Sleep,_amsg_exit,_initterm,_initterm,SetUnhandledExceptionFilter,malloc,strlen,malloc,__initenv,exit,_cexit,0_2_008B1127
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Code function: 0_2_0090B240 cpuid 0_2_0090B240
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Code function: 0_2_008BF3E3 GetSystemTimeAsFileTime,0_2_008BF3E3
    Source: C:\Users\user\Desktop\FXdg37pY22.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

    Stealing of Sensitive Information

    Source: Yara match File source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information
    Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server
    Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts
    Execution: 1 Native API; Scheduled Task/Job; At; Cron; Launchd
    Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script
    Privilege Escalation: 1 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script
    Defense Evasion: 1 Virtualization/Sandbox Evasion; 1 Process Injection; 1 Deobfuscate/Decode Files or Information; 3 Obfuscated Files or Information; 1 DLL Side-Loading
    Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets
    Discovery: 1 System Time Discovery; 11 Security Software Discovery; 1 Virtualization/Sandbox Evasion; 13 System Information Discovery; Internet Connection Discovery
    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH
    Collection: 1 Screen Capture; 1 Archive Collected Data; 2 Clipboard Data; Input Capture; Keylogging
    Command and Control: 11 Encrypted Channel; 1 Ingress Tool Transfer; 2 Non-Application Layer Protocol; 113 Application Layer Protocol; Fallback Channels
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer
    Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact
    Source | Detection | Scanner | Label | Link
    FXdg37pY22.exe | 67% | Virustotal | | Browse
    FXdg37pY22.exe | 68% | ReversingLabs | Win32.Exploit.Generic |
    FXdg37pY22.exe | 100% | Joe Sandbox ML | |
    No Antivirus matches
                                                                                                                      high
                                                                                                                      https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_cFXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1FXdg37pY22.exe, 00000000.00000002.1984398391.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720971980.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://store.steampowered.com/legal/FXdg37pY22.exe, 00000000.00000002.1984398391.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720971980.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://community.fastly.steamstatic.com/FXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&l=engliFXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://steam.tv/FXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=enFXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=engFXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://steamcommunity.com/knFXdg37pY22.exe, 00000000.00000002.1984435287.0000000000D93000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720862280.0000000000D91000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://store.steampowered.com/privacy_agreement/FXdg37pY22.exe, 00000000.00000002.1984398391.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720971980.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://store.steampowered.com/points/shop/FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://recaptcha.netFXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://store.steampowered.com/FXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://steamcommunity.comFXdg37pY22.exe, 00000000.00000002.1984398391.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720971980.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://sketchfab.comFXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://lv.queniujq.cnFXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.pngFXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://www.youtube.com/FXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://127.0.0.1:27060FXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://store.steampowered.com/privacy_agreement/FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQFXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&amFXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://www.google.com/recaptcha/FXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://checkout.steampowered.com/FXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&ampFXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://help.steampowered.com/FXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://api.steampowered.com/FXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://store.steampowered.com/points/shopFXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://store.steampowered.com/account/cookiepreferences/FXdg37pY22.exe, 00000000.00000002.1984398391.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720971980.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://store.steampowered.com/mobileFXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://steamcommunity.com/FXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81FXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://store.steampowered.com/;FXdg37pY22.exe, 00000000.00000002.1984540330.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://store.steampowered.com/about/FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&lFXdg37pY22.exe, 00000000.00000003.1720846876.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, FXdg37pY22.exe, 00000000.00000003.1720786437.0000000000DFC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              • No. of IPs < 25%
                                                                                                                                                                                              • 25% < No. of IPs < 50%
                                                                                                                                                                                              • 50% < No. of IPs < 75%
                                                                                                                                                                                              • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
23.55.153.106 | steamcommunity.com | United States | 20940 | AKAMAI-ASN1EU | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1581380
Start date and time: 2024-12-27 14:44:40 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 50s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: FXdg37pY22.exe
renamed because original name is a hash value
Original Sample Name: 558a2574865079a1c4d69350493310df.exe
Detection: MAL
Classification: mal88.troj.winEXE@2/1@9/1
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 18
• Number of non-executed functions: 180
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                                                                                                                              • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                                                                                                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                                                                              • Excluded IPs from analysis (whitelisted): 4.175.87.197, 13.107.246.63
                                                                                                                                                                                              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                              No simulations
Match | Associated Sample Name / URL | Detection | Threat Name
23.55.153.106 | k0ukcEH.exe | malicious | LummaC
23.55.153.106 | 5uVReRlvME.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Remcos, Stealc
23.55.153.106 | 8WRONDszv4.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, Stealc, zgRAT
23.55.153.106 | z3IxCpcpg4.exe | malicious | LummaC
23.55.153.106 | GtEVo1eO2p.exe | malicious | LummaC
23.55.153.106 | AiaStwRBdI.exe | malicious | LummaC
23.55.153.106 | HJVzgKyC0y.exe | malicious | LummaC
23.55.153.106 | rUfr2hQGOb.exe | malicious | LummaC
23.55.153.106 | YhF4vhbnMW.exe | malicious | LummaC
Match | Associated Sample Name / URL | Detection | Threat Name | Context
steamcommunity.com | k0ukcEH.exe | malicious | LummaC | 23.55.153.106
steamcommunity.com | 8WRONDszv4.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, Stealc, zgRAT | 23.55.153.106
steamcommunity.com | pVbAZEFIpI.exe | malicious | LummaC | 104.102.49.254
steamcommunity.com | GxX48twWHA.exe | malicious | LummaC | 104.102.49.254
steamcommunity.com | RUUSfr6dVm.exe | malicious | LummaC | 104.102.49.254
steamcommunity.com | 9idglWFv95.exe | malicious | LummaC | 104.102.49.254
steamcommunity.com | tJd3ArrDAm.exe | malicious | LummaC | 104.102.49.254
steamcommunity.com | gdtJGo7jH3.exe | malicious | LummaC | 104.102.49.254
steamcommunity.com | oQSTpQfzz5.exe | malicious | LummaC | 104.102.49.254
Match | Associated Sample Name / URL | Detection | Threat Name | Context
AKAMAI-ASN1EU | grand-theft-auto-5-theme-1-installer_qb8W-j1.exe | malicious | Unknown | 184.85.182.130
AKAMAI-ASN1EU | k0ukcEH.exe | malicious | LummaC | 23.55.153.106
AKAMAI-ASN1EU | 5uVReRlvME.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Remcos, Stealc | 23.55.153.106
AKAMAI-ASN1EU | 8WRONDszv4.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, Stealc, zgRAT | 23.55.153.106
AKAMAI-ASN1EU | aD7D9fkpII.exe | malicious | Vidar | 23.209.72.25
AKAMAI-ASN1EU | installer.bat | malicious | Vidar | 23.209.72.7
AKAMAI-ASN1EU | skript.bat | malicious | Vidar | 2.16.158.83
AKAMAI-ASN1EU | din.exe | malicious | Vidar | 23.44.201.32
AKAMAI-ASN1EU | lem.exe | malicious | Vidar | 23.209.72.40
Match | Associated Sample Name / URL | Detection | Threat Name | Context
a0e9f5d64349fb13191bc781f81f42e1 | OiMp3TH.exe | malicious | LummaC | 23.55.153.106
a0e9f5d64349fb13191bc781f81f42e1 | k0ukcEH.exe | malicious | LummaC | 23.55.153.106
a0e9f5d64349fb13191bc781f81f42e1 | https://online-ops.mypasschange.com/landingPage/2/fbb0559ebe1911efb53c0242ac190102 | malicious | Unknown | 23.55.153.106
a0e9f5d64349fb13191bc781f81f42e1 | appFile.exe | malicious | LummaC Stealer | 23.55.153.106
a0e9f5d64349fb13191bc781f81f42e1 | FloydMounts.exe | malicious | LummaC Stealer | 23.55.153.106
a0e9f5d64349fb13191bc781f81f42e1 | RDb082EApV.exe | malicious | LummaC | 23.55.153.106
a0e9f5d64349fb13191bc781f81f42e1 | GnHq2ZaBUl.exe | malicious | LummaC | 23.55.153.106
a0e9f5d64349fb13191bc781f81f42e1 | vVJvxAfBDM.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc | 23.55.153.106
a0e9f5d64349fb13191bc781f81f42e1 | LIWYEYWSOj.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc | 23.55.153.106
                                                                                                                                                                                                                No context
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\FXdg37pY22.exe
                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):10
                                                                                                                                                                                                                Entropy (8bit):3.321928094887362
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:/FLoy:/FLl
                                                                                                                                                                                                                MD5:6E43EB4BA5DC366EE48961504A9DDC2A
                                                                                                                                                                                                                SHA1:444DFECFF6F9D4441F458A2B62DF4AF916F74887
                                                                                                                                                                                                                SHA-256:26D3A8E5B7B03427CF084AE3CD9713AD575A1921B432B02C96600B2AF7649D67
                                                                                                                                                                                                                SHA-512:13FB738CD092E000D2528B145F62C63B47DECB2424F836C3D9A08B400D8C130B56377276F5D3A0260B1611190498647454A301CAC562791F6B9703F6DAC1F305
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                Preview:Got size..
                                                                                                                                                                                                                File type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                Entropy (8bit):7.158365042147545
                                                                                                                                                                                                                TrID:
                                                                                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                File name:FXdg37pY22.exe
                                                                                                                                                                                                                File size:874'496 bytes
                                                                                                                                                                                                                MD5:558a2574865079a1c4d69350493310df
                                                                                                                                                                                                                SHA1:e76374501315596dc32eebe8833cf1d8efeccba8
                                                                                                                                                                                                                SHA256:6c2b5ad84731b310763f541ff0b9e21b5dd698fba32e24e33dbed9278dd7b4c8
                                                                                                                                                                                                                SHA512:f4a8a88d8f527b1864fdeb2b36b0fc3407329cd8d4e50e9cdef738823cc9e13ef857c302a7984b599dd1cb0c25792d929e191e8fe9d5085e8bee1c0e36ea6b2c
                                                                                                                                                                                                                SSDEEP:24576:ztgBE/yQbXpz7pTCes2iRUyvw+1RLBXXzvNMJK/:ztwE/yQbXpz7pTCes2iw+1RxzKE
                                                                                                                                                                                                                TLSH:18058E67611390F6CC3365F2098BBAEFEA20CE1D54220A1FE7488964EBF6510757E367
                                                                                                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......................(.....T....................@.................................o.....@... ............................
                                                                                                                                                                                                                Icon Hash:90cececece8e8eb0
                                                                                                                                                                                                                Entrypoint:0x401307
                                                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                                                Digitally signed:false
Imagebase:0x400000
Subsystem:windows cui
Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
DLL Characteristics:DYNAMIC_BASE, NX_COMPAT
Time Stamp:0x0 [Thu Jan 1 00:00:00 1970 UTC]
TLS Callbacks:0x406bd9, 0x406ba8, 0x410774
CLR (.Net) Version:
OS Version Major:4
OS Version Minor:0
File Version Major:4
File Version Minor:0
Subsystem Version Major:4
Subsystem Version Minor:0
Import Hash:e83be636913a91ed7c5d5aef532bc05d
Instruction
xor eax, eax
mov dword ptr [00489054h], eax
jmp 00007F5FBCF66B9Fh
push ebp
mov ebp, esp
sub esp, 18h
mov eax, dword ptr [ebp+08h]
mov dword ptr [esp], eax
call 00007F5FBCF73DEDh
leave
cmp eax, 01h
sbb eax, eax
ret
nop
push ebp
mov ebp, esp
sub esp, 18h
mov dword ptr [esp], 00401340h
call 00007F5FBCF66D6Ah
leave
ret
ret
nop
nop
nop
push ebp
mov ebp, esp
sub esp, 10h
mov eax, dword ptr [ebp+08h]
mov dword ptr [ebp-08h], eax
mov eax, dword ptr [ebp+0Ch]
mov dword ptr [ebp-0Ch], eax
mov dword ptr [ebp-04h], 00000000h
jmp 00007F5FBCF66DABh
mov edx, dword ptr [ebp-0Ch]
mov eax, dword ptr [ebp-04h]
add eax, edx
mov ecx, dword ptr [ebp-08h]
mov edx, dword ptr [ebp-04h]
add edx, ecx
movzx eax, byte ptr [eax]
mov byte ptr [edx], al
add dword ptr [ebp-04h], 01h
mov eax, dword ptr [ebp-04h]
cmp eax, dword ptr [ebp+10h]
jc 00007F5FBCF66D71h
nop
nop
leave
ret
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 000001CCh
mov dword ptr [ebp-000001A4h], 00477FE8h
mov dword ptr [ebp-000001A0h], 00479828h
lea eax, dword ptr [ebp-0000019Ch]
mov dword ptr [eax], ebp
mov edx, 004017B1h
mov dword ptr [eax+04h], edx
mov dword ptr [eax+08h], esp
lea eax, dword ptr [ebp-000001BCh]
mov dword ptr [esp], eax
call 00007F5FBCF6D47Fh
mov dword ptr [ebp-34h], 0000000Ah
mov eax, dword ptr [ebp-34h]
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x8a000          0xe0c         .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x8d000          0x498b4       .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0xd7000          0x4944        .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x81858          0x18          .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x8a258          0x208         .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity     File Type  Entropy              Characteristics
.text   0x1000           0x7a250       0x7a400   0d972b9e1bc2abf7a9f03fe4766abbcb  False     0.3918352185582822  data       6.311758769777413    IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data   0x7c000          0x1310        0x1400    36b77a8f6136b5b74274f9bc33537e58  False     0.0650390625        data       0.6881509775359347   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata  0x7e000          0xa3d8        0xa400    d36ab0e2944028d344c50b0c6474639a  False     0.2950171493902439  data       5.54306110763306     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.bss    0x89000          0xad4         0x0       d41d8cd98f00b204e9800998ecf8427e  False     0                   empty      0.0                  IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata  0x8a000          0xe0c         0x1000    d540bee2b9f5c9784a265aefb5468f43  False     0.296630859375      data       4.42433236204921     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.CRT    0x8b000          0x34          0x200     1d1527587aa546cad1face2659be5dfd  False     0.068359375         data       0.28187555731160896  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls    0x8c000          0x8           0x200     bf619eac0cdf3f68d496ea9344137e8b  False     0.02734375          data       0.0                  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   0x8d000          0x498b4       0x49a00   095f9aaa3530a8789f549778641a4f6a  False     0.8771653491086587  Matlab v4 mat-file (little endian) \300, numeric, rows 0, columns 4, imaginary  7.729467197642069    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0xd7000          0x4944        0x4a00    92dfc814a99b9bb6a2d957cdb1e3ea7a  False     0.65625             data       6.633200714215997    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name                    RVA      Size     Type                                  Language  Country  ZLIB Complexity
4W{RU|W{W=NVPF<ZU       0x8d894  0x2592   data                                                     0.912975670617592
9E]KH:WS7XGS{=IURU      0x8fe28  0x1e5b   data                                                     0.9496847252605842
9WMG{7ZNYN;OSZMUENJV    0x91c84  0x1743   data                                                     0.929471032745592
E49X                    0x933c8  0x70     ASCII text, with no line terminators                     0.7767857142857143
EHLRZ9Y                 0x93438  0x21a5   data                                                     0.8482526413560897
FLRV                    0x955e0  0x864    data                                                     0.9604283054003724
HF4WKKEMVQ\\FWV^;[5     0x95e44  0x368    data                                                     1.0126146788990826
IYSS|FNJT               0x961ac  0x2e16   data                                                     0.9175283946431598
IYVY                    0x98fc4  0x197    ASCII text                                               0.8083538083538083
JH\I\ZY[Q}<TFJ          0x9915c  0x20c6b  data                                                     0.8778184147604114
JRNTN]FFFEXR<           0xb9dc8  0x2874   data                                                     0.9003476245654692
K47~HH~GWIZ\9WYVNOM     0xbc63c  0x2add   data                                                     0.9037637838330448
KZZKMXI6T=W             0xbf11c  0x365d   OpenPGP Public Key                                       0.9056549543723503
MNYT                    0xc277c  0x3008   data                                                     0.9076935588809368
N<UH[6|LQV              0xc5784  0x26fc   data                                                     0.8967935871743486
NIFNKR4KI[{U            0xc7e80  0x101b   data                                                     0.8011156924569488
QX{GZ]WVJVROMSLHF8U     0xc8e9c  0x12c3   data                                                     0.929419113054341
UQUIO7R|RR~|NEI9U       0xca160  0x38f4   data                                                     0.9065157750342936
WO::TJJFU\6FLL9YW6TE4E  0xcda54  0x28be   data                                                     0.9165867689357622
[=HZF6IWY]              0xd0314  0x1752   data                                                     0.9152428810720268
|H8XZ[H9IOQJ~           0xd1a68  0x2a84   data                                                     0.9167585446527012
|MGUZKQ;E8              0xd44ec  0x23c6   data                                                     0.9081677222100896
DLL           Import
KERNEL32.dll  CloseHandle, CreateEventA, CreateFileMappingA, CreateSemaphoreA, DeleteCriticalSection, DuplicateHandle, EnterCriticalSection, FindResourceA, FormatMessageA, GetConsoleWindow, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetCurrentThreadId, GetHandleInformation, GetLastError, GetModuleHandleA, GetModuleHandleW, GetProcAddress, GetProcessAffinityMask, GetSystemTimeAsFileTime, GetThreadContext, GetThreadPriority, GetTickCount, InitializeCriticalSection, IsDBCSLeadByteEx, IsDebuggerPresent, LeaveCriticalSection, LoadLibraryA, LoadLibraryW, LoadResource, LocalFree, LockResource, MapViewOfFile, MultiByteToWideChar, OpenProcess, OutputDebugStringA, QueryPerformanceCounter, QueryPerformanceFrequency, RaiseException, ReleaseSemaphore, ResetEvent, ResumeThread, SetEvent, SetLastError, SetProcessAffinityMask, SetThreadContext, SetThreadPriority, SetUnhandledExceptionFilter, SizeofResource, Sleep, SuspendThread, TlsAlloc, TlsGetValue, TlsSetValue, TryEnterCriticalSection, UnmapViewOfFile, VirtualProtect, VirtualQuery, WaitForMultipleObjects, WaitForSingleObject, WideCharToMultiByte
msvcrt.dll    __getmainargs, __initenv, __mb_cur_max, __p__commode, __p__fmode, __set_app_type, __setusermatherr, _amsg_exit, _beginthreadex, _cexit, _endthreadex, _errno, _initterm, _iob, _lock, _onexit, _setjmp3, _unlock, _vsnprintf, _vsnwprintf, abort, atoi, calloc, exit, fgetwc, fprintf, fputc, fputs, free, getc, getenv, iswctype, localeconv, longjmp, malloc, memchr, memcmp, memcpy, memmove, memset, printf, realloc, setlocale, signal, strchr, strcmp, strcoll, strcpy, strerror, strftime, strlen, strncmp, strtol, strtoul, strxfrm, towlower, towupper, vfprintf, wcscoll, wcsftime, wcslen, wcsxfrm, _strdup, _read
USER32.dll    ShowWindow
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-27T14:45:33.083733+0100 | 2057925 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz) | 1 | 192.168.2.4 | 58261 | 1.1.1.1 | 53 | UDP
2024-12-27T14:45:33.083733+0100 | 2057973 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz) | 1 | 192.168.2.4 | 58261 | 1.1.1.1 | 53 | UDP
2024-12-27T14:45:33.227398+0100 | 2057945 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz) | 1 | 192.168.2.4 | 50121 | 1.1.1.1 | 53 | UDP
2024-12-27T14:45:33.227398+0100 | 2057983 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz) | 1 | 192.168.2.4 | 50121 | 1.1.1.1 | 53 | UDP
2024-12-27T14:45:33.368984+0100 | 2057949 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz) | 1 | 192.168.2.4 | 52052 | 1.1.1.1 | 53 | UDP
2024-12-27T14:45:33.368984+0100 | 2057981 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz) | 1 | 192.168.2.4 | 52052 | 1.1.1.1 | 53 | UDP
2024-12-27T14:45:33.509952+0100 | 2057929 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz) | 1 | 192.168.2.4 | 60031 | 1.1.1.1 | 53 | UDP
2024-12-27T14:45:33.509952+0100 | 2057979 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz) | 1 | 192.168.2.4 | 60031 | 1.1.1.1 | 53 | UDP
2024-12-27T14:45:33.748806+0100 | 2057931 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz) | 1 | 192.168.2.4 | 62685 | 1.1.1.1 | 53 | UDP
2024-12-27T14:45:33.748806+0100 | 2057977 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz) | 1 | 192.168.2.4 | 62685 | 1.1.1.1 | 53 | UDP
2024-12-27T14:45:33.891288+0100 | 2057927 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz) | 1 | 192.168.2.4 | 60037 | 1.1.1.1 | 53 | UDP
2024-12-27T14:45:33.891288+0100 | 2057975 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz) | 1 | 192.168.2.4 | 60037 | 1.1.1.1 | 53 | UDP
2024-12-27T14:45:34.033916+0100 | 2057943 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz) | 1 | 192.168.2.4 | 54146 | 1.1.1.1 | 53 | UDP
2024-12-27T14:45:34.033916+0100 | 2057971 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz) | 1 | 192.168.2.4 | 54146 | 1.1.1.1 | 53 | UDP
2024-12-27T14:45:34.177839+0100 | 2057935 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz) | 1 | 192.168.2.4 | 57375 | 1.1.1.1 | 53 | UDP
2024-12-27T14:45:34.177839+0100 | 2057969 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz) | 1 | 192.168.2.4 | 57375 | 1.1.1.1 | 53 | UDP
2024-12-27T14:45:35.926885+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49730 | 23.55.153.106 | 443 | TCP
2024-12-27T14:45:36.743987+0100 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.4 | 49730 | 23.55.153.106 | 443 | TCP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 27, 2024 14:45:33.083733082 CET | 192.168.2.4 | 1.1.1.1 | 0x6bbc | Standard query (0) | covery-mover.biz | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:45:33.227397919 CET | 192.168.2.4 | 1.1.1.1 | 0x64dc | Standard query (0) | se-blurry.biz | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:45:33.368983984 CET | 192.168.2.4 | 1.1.1.1 | 0x42e7 | Standard query (0) | zinc-sneark.biz | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:45:33.509952068 CET | 192.168.2.4 | 1.1.1.1 | 0x430 | Standard query (0) | dwell-exclaim.biz | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:45:33.748806000 CET | 192.168.2.4 | 1.1.1.1 | 0xfc49 | Standard query (0) | formy-spill.biz | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:45:33.891288042 CET | 192.168.2.4 | 1.1.1.1 | 0xa09b | Standard query (0) | dare-curbys.biz | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:45:34.033915997 CET | 192.168.2.4 | 1.1.1.1 | 0xe80b | Standard query (0) | print-vexer.biz | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:45:34.177839041 CET | 192.168.2.4 | 1.1.1.1 | 0xde45 | Standard query (0) | impend-differ.biz | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:45:34.319916964 CET | 192.168.2.4 | 1.1.1.1 | 0xcbf | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 27, 2024 14:45:33.222868919 CET | 1.1.1.1 | 192.168.2.4 | 0x6bbc | Name error (3) | covery-mover.biz | none | none | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:45:33.365679979 CET | 1.1.1.1 | 192.168.2.4 | 0x64dc | Name error (3) | se-blurry.biz | none | none | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:45:33.506618977 CET | 1.1.1.1 | 192.168.2.4 | 0x42e7 | Name error (3) | zinc-sneark.biz | none | none | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:45:33.745313883 CET | 1.1.1.1 | 192.168.2.4 | 0x430 | Name error (3) | dwell-exclaim.biz | none | none | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:45:33.886710882 CET | 1.1.1.1 | 192.168.2.4 | 0xfc49 | Name error (3) | formy-spill.biz | none | none | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:45:34.028481960 CET | 1.1.1.1 | 192.168.2.4 | 0xa09b | Name error (3) | dare-curbys.biz | none | none | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:45:34.171926022 CET | 1.1.1.1 | 192.168.2.4 | 0xe80b | Name error (3) | print-vexer.biz | none | none | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:45:34.315690041 CET | 1.1.1.1 | 192.168.2.4 | 0xde45 | Name error (3) | impend-differ.biz | none | none | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:45:34.457918882 CET | 1.1.1.1 | 192.168.2.4 | 0xcbf | No error (0) | steamcommunity.com | | 23.55.153.106 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                • steamcommunity.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 23.55.153.106 | 443 | 7532 | C:\Users\user\Desktop\FXdg37pY22.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:45:35 UTC | 219 | OUT | GET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                Host: steamcommunity.com
2024-12-27 13:45:36 UTC | 1905 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                                                                                Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                Date: Fri, 27 Dec 2024 13:45:36 GMT
                                                                                                                                                                                                                Content-Length: 25665
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                Set-Cookie: sessionid=92a1a361b202cb6cfdfd0a5b; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                                                                                                                2024-12-27 13:45:36 UTC 14479 IN
                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
                                                                                                                                                                                                                2024-12-27 13:45:36 UTC 10097 IN
                                                                                                                                                                                                                Data Ascii: ?l=koreana" onclick="ChangeLanguage( 'koreana' ); return false;"> (Korean)</a><a class="popup_menu_item tight" href="?l=thai" onclick="ChangeLanguage( 'thai' ); return false;"> (Thai)</a>
                                                                                                                                                                                                                2024-12-27 13:45:36 UTC 1089 IN
                                                                                                                                                                                                                Data Ascii: heir respective owners in the US and other countries.<br/>Some geospatial data on this website is provided by <a href="https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org" target="_blank" rel=" noopener">geonames.org</a>.<br>



                                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                                Start time:08:45:31
                                                                                                                                                                                                                Start date:27/12/2024
                                                                                                                                                                                                                Path:C:\Users\user\Desktop\FXdg37pY22.exe
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\FXdg37pY22.exe"
                                                                                                                                                                                                                Imagebase:0x8b0000
                                                                                                                                                                                                                File size:874'496 bytes
                                                                                                                                                                                                                MD5 hash:558A2574865079A1C4D69350493310DF
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                Target ID:1
                                                                                                                                                                                                                Start time:08:45:31
                                                                                                                                                                                                                Start date:27/12/2024
                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                Has exited:true


                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                  Execution Coverage:1.8%
                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                  Signature Coverage:4.4%
                                                                                                                                                                                                                  Total number of Nodes:434
                                                                                                                                                                                                                  Total number of Limit Nodes:18

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _inittermmalloc$ExceptionFilterSleepUnhandled_amsg_exit_cexitexitstrlen
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1058485957-0
                                                                                                                                                                                                                  • Opcode ID: 8522305ada10377ce3d05f1a71dae7bc7728831d37cb622fe9c30bf8a2d325d8
                                                                                                                                                                                                                  • Instruction ID: 40ed3d338628400713e9af21baefe25d7a8ee6b92c95bb5aae8c7f962366a9b7
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8522305ada10377ce3d05f1a71dae7bc7728831d37cb622fe9c30bf8a2d325d8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DA5128B0918305CFCB14EFA9D98979ABBF0FB49304F404429E694DB311D7B99844EF92

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 90 c6a960-c6a989 91 c6a990-c6a9e5 90->91 91->91 92 c6a9e7-c6aadf 91->92 93 c6aae0-c6ab1b 92->93 93->93 94 c6ab1d-c6ab39 93->94 95 c6ab40-c6ab69 94->95 95->95 96 c6ab6b-c6ab86 call c6b6a0 95->96 99 c6ab8c-c6ab98 96->99 100 c6ae29-c6ae32 96->100 101 c6aba0-c6abb2 99->101 101->101 102 c6abb4-c6abb9 101->102 103 c6abc0-c6abcc 102->103 104 c6abd3-c6abe4 103->104 105 c6abce-c6abd1 103->105 106 c6ae20-c6ae21 call c99b60 104->106 107 c6abea-c6abff 104->107 105->103 105->104 110 c6ae26 106->110 109 c6ac00-c6ac41 107->109 109->109 111 c6ac43-c6ac50 109->111 110->100 112 c6ac84-c6ac88 111->112 113 c6ac52-c6ac58 111->113 115 c6ae1e 112->115 116 c6ac8e-c6acb6 112->116 114 c6ac67-c6ac6b 113->114 114->115 117 c6ac71-c6ac78 114->117 115->106 118 c6acc0-c6acf4 116->118 119 c6ac7e 117->119 120 c6ac7a-c6ac7c 117->120 118->118 121 c6acf6-c6acff 118->121 122 c6ac60-c6ac65 119->122 123 c6ac80-c6ac82 119->123 120->119 124 c6ad34-c6ad36 121->124 125 c6ad01-c6ad0b 121->125 122->112 122->114 123->122 124->115 126 c6ad3c-c6ad52 124->126 127 c6ad17-c6ad1b 125->127 128 c6ad60-c6adb2 126->128 127->115 129 c6ad21-c6ad28 127->129 128->128 130 c6adb4-c6adbe 128->130 131 c6ad2e 129->131 132 c6ad2a-c6ad2c 129->132 135 c6adf4-c6adf8 130->135 136 c6adc0-c6adc8 130->136 133 c6ad10-c6ad15 131->133 134 c6ad30-c6ad32 131->134 132->131 133->124 133->127 134->133 138 c6adfe-c6ae1c call c6a6d0 135->138 137 c6add7-c6addb 136->137 137->115 140 c6addd-c6ade4 137->140 138->106 142 c6ade6-c6ade8 140->142 143 c6adea-c6adec 140->143 142->143 144 c6add0-c6add5 143->144 145 c6adee-c6adf2 143->145 144->137 146 c6adfa-c6adfc 144->146 145->144 146->115 146->138
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: #xDz$'D F$A|}~$N[\D$N[\D$kl$n
                                                                                                                                                                                                                  • API String ID: 0-490458541
                                                                                                                                                                                                                  • Opcode ID: 3ac9edce40b1aa8544a2ecdf617a340d9586a15e3a22e168da93d15185d278d5
                                                                                                                                                                                                                  • Instruction ID: 697bca05caff1999e383be4a29946530b552b159186e819d53ec20b453eedaf2
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ac9edce40b1aa8544a2ecdf617a340d9586a15e3a22e168da93d15185d278d5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 31C1167260C3505BC724CF6488D05AFBBD3ABD2304F1E896CE9D56B742D676990ACB83

                                                                                                                                                                                                                  Control-flow Graph
                                                                                                                                                                                                                  • Graph starting at block c687f0; nodes reference GetCurrentProcessId, GetCurrentThreadId, GetForegroundWindow and ExitProcess; rendering not preserved
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CurrentProcess$ExitForegroundThreadWindow
                                                                                                                                                                                                                  • String ID: YO9W
                                                                                                                                                                                                                  • API String ID: 3118123366-386669604
                                                                                                                                                                                                                  • Opcode ID: 353fab22767e76a826c9c25460c7541d23c37115110f60708dbb86545ae10836
                                                                                                                                                                                                                  • Instruction ID: 47b006794d65986cde7495a8f0832bbc34764dbb185587560b48643fb84c98b1
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 353fab22767e76a826c9c25460c7541d23c37115110f60708dbb86545ae10836
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BC316C73F5021407C72C6AB99C8636AB5874BC4714F0F823CADE9AB381FDB58C0442D1
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • LdrInitializeThunk.NTDLL(00C9D4FB,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 00C9B4AE
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                  • Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                                  • Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: \U^_
                                                                                                                                                                                                                  • API String ID: 0-352632802
                                                                                                                                                                                                                  • Opcode ID: 54807a4a81114d7492ee04d5e09bd1763180b8334c721cf381b479dfe53672a1
                                                                                                                                                                                                                  • Instruction ID: 63ea3ca5f042c9155d2eb2acd5ef530208a68c86b0131f55b528b2e2200c9a1c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 54807a4a81114d7492ee04d5e09bd1763180b8334c721cf381b479dfe53672a1
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7811223060D3908FC3248F349484AABBBA5EFD7748F104A2CE0C51B240C734880A8F96
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 18270b52acf730a0463d2907694d20f0873707c3c926a60fccb4493f5b7eb334
                                                                                                                                                                                                                  • Instruction ID: 2203fa99e6f13859378a6643821a9bce9f3b49bb01360d4d4021fa02468d8d12
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 18270b52acf730a0463d2907694d20f0873707c3c926a60fccb4493f5b7eb334
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C3819272650B118FC724CF29DC9175BB7E6FB89314B088A2DE5A6C7BA0D778F8058B40

                                                                                                                                                                                                                  Control-flow Graph
                                                                                                                                                                                                                  • Graph starting at block 928eac; nodes reference getenv, strchr, malloc and strtoul; rendering not preserved
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: getenvmallocstrchrstrtoul
                                                                                                                                                                                                                  • String ID: .$:$:$=$@
                                                                                                                                                                                                                  • API String ID: 3906490709-779014836
                                                                                                                                                                                                                  • Opcode ID: 98aed0d63596460da42e8afd1b9075db924248c8674bdb738c005005a8d4cb09
                                                                                                                                                                                                                  • Instruction ID: 48a90f9e217d10daa3d47cb6589bb68f01f64dc5c879b946a98eb78af69fcb2a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 98aed0d63596460da42e8afd1b9075db924248c8674bdb738c005005a8d4cb09
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D3515AB19093158FDB24EFA9E9842AEFBF6FF88304F11842ED598D7215E7748444CB82

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,008C0564), ref: 008BFF4B
                                                                                                                                                                                                                    • Part of subcall function 008BFD82: calloc.MSVCRT ref: 008BFDAF
                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 008BFF74
                                                                                                                                                                                                                  • CreateEventA.KERNEL32 ref: 008BFF92
                                                                                                                                                                                                                    • Part of subcall function 008BFE4A: GetCurrentThreadId.KERNEL32 ref: 008BFE6E
                                                                                                                                                                                                                    • Part of subcall function 008BFE4A: OutputDebugStringA.KERNEL32 ref: 008BFE93
                                                                                                                                                                                                                    • Part of subcall function 008BFE4A: abort.MSVCRT(00000000), ref: 008BFE9A
                                                                                                                                                                                                                  • GetCurrentThread.KERNEL32 ref: 008BFFC2
                                                                                                                                                                                                                  • DuplicateHandle.KERNELBASE ref: 008BFFF3
                                                                                                                                                                                                                  • abort.MSVCRT(00000000,00000000), ref: 008C0000
                                                                                                                                                                                                                  • GetThreadPriority.KERNEL32(00000000,00000000), ref: 008C000B
                                                                                                                                                                                                                  • TlsSetValue.KERNEL32 ref: 008C0032
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Thread$Current$Valueabort$CreateDebugDuplicateEventHandleOutputPriorityStringcalloc
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3659382012-0
                                                                                                                                                                                                                  • Opcode ID: d12c2cd06ee78ac4b50cd2304a026bafaf7a97c5372468b190fdbdc3f6930c3c
                                                                                                                                                                                                                  • Instruction ID: 843783442b570083b7081c1cb7935c5477164e9ef573b526991eb5d6905de29a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d12c2cd06ee78ac4b50cd2304a026bafaf7a97c5372468b190fdbdc3f6930c3c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5731E6B19197018FCB00AF7AD98855ABFE4FF88350B01896EE894C7266E774C444CF92

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 167 8c702c-8c70d3 CreateFileMappingA MapViewOfFile CloseHandle 168 8c70fa-8c70fc 167->168 169 8c70d5-8c70e6 167->169 169->168 170 8c70e8-8c70f7 169->170 170->168
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$CloseCreateHandleMappingView
                                                                                                                                                                                                                  • String ID: "$@
                                                                                                                                                                                                                  • API String ID: 1187395538-1136454570
                                                                                                                                                                                                                  • Opcode ID: ba93322dcc744932ffeab98772f383f1e48fe5b4f9a22b931fd4f725e638f255
                                                                                                                                                                                                                  • Instruction ID: 999e683dab3108cc674708885b6a9bdc699d006928874cc91ed63b9af397300e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ba93322dcc744932ffeab98772f383f1e48fe5b4f9a22b931fd4f725e638f255
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EC217FB4A082069FDB00DF6CC584B5EBBF0FB48304F008569E8A4E73A0D375E9059F52

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetForegroundWindow.USER32 ref: 00C9B720
                                                                                                                                                                                                                  • GetForegroundWindow.USER32 ref: 00C9B740
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ForegroundWindow
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2020703349-0
                                                                                                                                                                                                                  • Opcode ID: 60c60275fe14a75ed42707561816522e341ddcdfbac8f056046e25493cea6a04
                                                                                                                                                                                                                  • Instruction ID: bf0c67b665f28c9e547cfd039a4be647d1c2fe4a9b05f3399788217aea57179f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 60c60275fe14a75ed42707561816522e341ddcdfbac8f056046e25493cea6a04
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 93D0A7B6D30150FBCA04A730FC4E71F3A2AFB4336F7684514E80383362DA21740A8A83

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetConsoleWindow.KERNELBASE ref: 008B1A34
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ConsoleWindow
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2863861424-0
                                                                                                                                                                                                                  • Opcode ID: ece06b34f806e1d8ec8350ff3bbcadc572513d720e2ca84e3ea71ecc994c367b
                                                                                                                                                                                                                  • Instruction ID: 381b1b8697c3e2aae9fa75137b87bd06f35670c3d0929ce254de4f370cc7ea0e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ece06b34f806e1d8ec8350ff3bbcadc572513d720e2ca84e3ea71ecc994c367b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BE41D674A083198BCB14EF64D985B9DBBF5FB88304F10856ED888D7351EB74AA49CF42

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 342 8bae66-8baef8 _errno 343 8baeff-8baf0b 342->343 344 8bb65e-8bb66c 343->344 345 8baf11-8baf14 343->345 346 8baf1a-8baf3f 345->346 347 8bb649-8bb650 call 8b9fd8 345->347 348 8baf4a-8baf65 346->348 351 8bb655-8bb659 347->351 348->343 350 8baf67-8baf70 348->350 352 8baf76 350->352 353 8bb5b5-8bb5be 350->353 351->343 352->353 354 8bb5fa-8bb644 call 8b9fd8 353->354 355 8bb5c0-8bb5c3 353->355 354->343 355->354 356 8bb5c5-8bb5c7 355->356 358 8bb5c9-8bb5cc 356->358 359 8bb5d5 356->359 361 8bb5da-8bb5dc 358->361 362 8bb5ce-8bb5d3 358->362 359->361 364 8bb5de-8bb5f8 361->364 365 8bb634-8bb638 361->365 362->361 364->365 365->348
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _errno
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2918714741-0
                                                                                                                                                                                                                  • Opcode ID: 003479f666e0ee12d1458558e6622226534ae727b7a5112a88ec234ad778d536
                                                                                                                                                                                                                  • Instruction ID: f3d0af8a5e2cd51f7f2404562f1037ef268092320c9d8a027a2f0bbb325380c0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 003479f666e0ee12d1458558e6622226534ae727b7a5112a88ec234ad778d536
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D041E4745083858FD730CF29C480B9BBBE6FB8A324F148B19E4A8DB391D73099468B53

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 366 8c0ae2-8c0af9 367 8c0aff-8c0b00 366->367 368 8c0ba0-8c0ba7 366->368 369 8c0b09-8c0b21 call 8bfb21 call 8bf747 367->369 370 8c0b02-8c0b04 367->370 375 8c0b5c-8c0b62 369->375 376 8c0b23-8c0b2d call 8c0ace 369->376 370->368 377 8c0b8c-8c0b9b call 8bf7b0 call 8bfcc9 375->377 378 8c0b64-8c0b87 fprintf 375->378 381 8c0b32-8c0b5a call 8c0ace * 2 376->381 377->370 378->377 381->377
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: fprintf
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 383729395-0
                                                                                                                                                                                                                  • Opcode ID: c58e325496158efffd29aa7024646adef578a399ec72bc9dc3267433d19f6203
                                                                                                                                                                                                                  • Instruction ID: b9b650c3586d02139b8c7fc968a30dea3834f4f0cf7ede2dd3d9fdf79b1126ca
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c58e325496158efffd29aa7024646adef578a399ec72bc9dc3267433d19f6203
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B6112CB0904204DFC710EF68C845AAEBBF0FF84354F21C86DE9849B315E73598419F96

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 391 8b9fd8-8b9fe8 392 8b9fea-8b9ff0 391->392 393 8b9ff2-8b9ff8 391->393 392->393 394 8ba00e-8ba016 392->394 395 8b9ffa-8ba006 fputc 393->395 396 8ba008-8ba00b 393->396 395->394 396->394
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: fputc
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1992160199-0
                                                                                                                                                                                                                  • Opcode ID: 6e43812b830da307458a2b4cbff3996d19f1e998b98e22eee2657815703c183c
                                                                                                                                                                                                                  • Instruction ID: 01d3ff96163a2fde77101397136f931ea8797369741065e18b04113956d0b543
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6e43812b830da307458a2b4cbff3996d19f1e998b98e22eee2657815703c183c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 79E06DB0505608CBCB18AB1DC1C14A1BBA5FB99300B5182ADD98A8B357D231D842CB97
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RtlFreeHeap.NTDLL(?,00000000,00000000,00C72F5C), ref: 00C99B80
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FreeHeap
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3298025750-0
                                                                                                                                                                                                                  • Opcode ID: aa30114a2963bc2db29ba9db1008e3720cfa00264ee4e314b3503e92f5346a1d
                                                                                                                                                                                                                  • Instruction ID: 38e5a6e215fe1fde1fb8aa397b517b985cf7dcc9de043ae2d79dbd7e3e719bc4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aa30114a2963bc2db29ba9db1008e3720cfa00264ee4e314b3503e92f5346a1d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9CD0C931519126EBCA506B28BC15BCB3B68DF49631F5B0891B4006A064C665EC919AD4
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • LoadLibraryA.KERNELBASE(?,?,?,?,?,?,?,?,?,008C6D78), ref: 008C6D0C
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                                                                                                  • Opcode ID: a426c29ed4cc041aa3ed2598dbc16692362579970f3af96595d3071799e27f6a
                                                                                                                                                                                                                  • Instruction ID: e25ea0a5dca910d917cc7b901da5abdc14e9087218eee6f744af8ff06c2d28d9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a426c29ed4cc041aa3ed2598dbc16692362579970f3af96595d3071799e27f6a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 36C012749042045BC700FF7DE84140D7BF45704204F008134E894D3350D134E554CF96
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(?,00000000,?,?,00C74E57,00000400), ref: 00C99B50
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                                                                                                  • Opcode ID: dcb9dddc62d293fc3ba6f5105fe79842eda7458a2a98a326f0909806da3d95a0
                                                                                                                                                                                                                  • Instruction ID: ab59e813f17c05e7c98d8aafe362357515e4451fbab384f9d717f0445d47b374
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dcb9dddc62d293fc3ba6f5105fe79842eda7458a2a98a326f0909806da3d95a0
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DBC09231545124ABCF10AF14FC09FCA3F68EF457A1F5A0492F405670B5CB60AC82EAD8
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: malloc
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2803490479-0
                                                                                                                                                                                                                  • Opcode ID: 3aa8037f53826626ff492893036fa9b4842df4b0de92d42b17a1a0867161b0e5
                                                                                                                                                                                                                  • Instruction ID: 41adb99acdce5bb73829024cc02c6b5d31d0b0b2bf3fb1fbb6c1bf2be73e9c02
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3aa8037f53826626ff492893036fa9b4842df4b0de92d42b17a1a0867161b0e5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5DF030B050C3156ED7107FE5A8C621ABAD8AF51348F81486CE8899B31BE775D444CB62
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: $ $!$"$$$&$'$*$,$.$.$/$/$1$3$3$4$6$8$8$9$:$@$@$A$D$D$D$E$F$H$I$I$J$J$K$L$L$M$N$O$O$P$R$T$U$V$V$W$X$Y$Y$Z$Z$Z$[$\$\$]$^$`$`$`$`$`$`$`$`$a$a$a$a$a$a$a$a$b$b$b$b$b$b$b$c$c$c$c$c$c$d$e$f$f$f$g$h$h$j$l$l$m$n$o$p$p$p$q$q$r$r$r$s$t$t$u$v$w$w$x$x$y$y$z${${$|$|$|$}$~$~
                                                                                                                                                                                                                  • API String ID: 0-970517751
                                                                                                                                                                                                                  • Opcode ID: 99833a57a78c963ea816dd2b769b03a1caa0b80b4af30bfa6358778151c93e1a
                                                                                                                                                                                                                  • Instruction ID: 06840b05fe518c00e3b50db9905c9c31f76ff93cdbb43e56b534f0234a0bf0ce
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 99833a57a78c963ea816dd2b769b03a1caa0b80b4af30bfa6358778151c93e1a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DD038B3110C7C08AD3399B3884953AFBBE2ABD6314F188A6DE1ED873D2D77985459B13
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CoCreateInstance.OLE32(00CA068C,00000000,00000001,00CA067C), ref: 00C97173
                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(D080DE8F), ref: 00C971DB
                                                                                                                                                                                                                  • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00C97218
                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(9F4F9D4B), ref: 00C97268
                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(E8D216C6), ref: 00C9731A
                                                                                                                                                                                                                  • VariantInit.OLEAUT32(.'()), ref: 00C97385
                                                                                                                                                                                                                  • VariantClear.OLEAUT32(.'()), ref: 00C974E0
                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 00C97504
                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 00C9750A
                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 00C97517
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: String$AllocFree$Variant$BlanketClearCreateInitInstanceProxy
                                                                                                                                                                                                                  • String ID: !"$"#$%$.'()$.;$>C$C$p*v,${.] ${|
                                                                                                                                                                                                                  • API String ID: 2485776651-264043890
                                                                                                                                                                                                                  • Opcode ID: 3cbf089f1a62538049c2adb2d2beee836292c11ba1932e18e260bbc570b49494
                                                                                                                                                                                                                  • Instruction ID: 0eac074760227a36a6486c8b204ef4d66b72c1636d0f74144ddf5320e917b969
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3cbf089f1a62538049c2adb2d2beee836292c11ba1932e18e260bbc570b49494
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C3021F71A1C3009FD710CF64CC89B6BBBE5EB85308F14892CF6959B2A1D639D945CB92
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: !@$$$,$,$/$/$=$?$`$`$`$a$a$a$b$b$b$c$c$c$x$y
                                                                                                                                                                                                                  • API String ID: 0-2322859148
                                                                                                                                                                                                                  • Opcode ID: 21d9c8c51ccee9a30e91199c57543a6c911ae927769f1a85a4af87d1b7f8d303
                                                                                                                                                                                                                  • Instruction ID: 8047520e6cd968912825d92fa3980a0b19643bc0470afaa74f9a224d59444129
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 21d9c8c51ccee9a30e91199c57543a6c911ae927769f1a85a4af87d1b7f8d303
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E432F47160C3808FD3249F28C4953AFFBE5ABC5318F1D892DE9D587392D6B988468B47
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: #$5$C$X$X$Y$Y$Z$Z$\$`$e$i$j$~
                                                                                                                                                                                                                  • API String ID: 0-3294723363
                                                                                                                                                                                                                  • Opcode ID: 218b22c1c0bb5ff38fa90c5a0a5a95447d190bf781458c7b06e1a19171da4b10
                                                                                                                                                                                                                  • Instruction ID: 5c64e71eb3d462290fb0b56b9cc82be9e492e3be5197727627db79938ed5f564
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 218b22c1c0bb5ff38fa90c5a0a5a95447d190bf781458c7b06e1a19171da4b10
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DB910623A0C7D04AD7058579885835FEED30BE6224F2ECAADE4E5973C6C579C906C3A3
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _errno$localeconvstrlen
                                                                                                                                                                                                                  • String ID: $5$P
                                                                                                                                                                                                                  • API String ID: 2486237476-2425386841
                                                                                                                                                                                                                  • Opcode ID: 538b1462fca9e9382decbf26c867d16ceb16d0b3432f765c139fdacb6d9bc770
                                                                                                                                                                                                                  • Instruction ID: 6c336c970230f84a51bfd8c25eb0fe02c11b0ed4f4f2aa8aaa1c88c12cfef8d4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 538b1462fca9e9382decbf26c867d16ceb16d0b3432f765c139fdacb6d9bc770
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1AD22FB0E046198FCB20CFA8C9846DDBBF1FB48314F24856AD999EB355EB349985CF41
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: z%|$"r,t$&f?x$3v#H$<b"d$=j9l$cba`$cba`$Z\$^P
                                                                                                                                                                                                                  • API String ID: 0-3047316687
                                                                                                                                                                                                                  • Opcode ID: fe3fc4f6afe826671129bf57249d46f12b96849d732c4f21acfee7cf0723fb51
                                                                                                                                                                                                                  • Instruction ID: c00845edd6498df77c199cf88187c8fd86475521c3a02cf101fb7fab3769eb45
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fe3fc4f6afe826671129bf57249d46f12b96849d732c4f21acfee7cf0723fb51
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CED1E0B5508380DFE724DF24E88176FB7A2FBD5308F54882CE5959B261D7B8D901CB46
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: #R,T$$^<P$VW$]~"p$ij$KM
                                                                                                                                                                                                                  • API String ID: 0-788320361
                                                                                                                                                                                                                  • Opcode ID: fa562f27802f6f6d71352df88f76be1ad08d8898b341ac79854a34d478d73f43
                                                                                                                                                                                                                  • Instruction ID: 2d961a9872aacb4adc753313e10f7ef0ec6bf8801499c833db0bc9c36a422239
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fa562f27802f6f6d71352df88f76be1ad08d8898b341ac79854a34d478d73f43
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BFF1DAB16083408FD3149F65D88166FBBE1EFD6708F44892CF5968B250E7B8DA06CB47
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Uninitialize
                                                                                                                                                                                                                  • String ID: "# `$,$I~$`~$qx$s
                                                                                                                                                                                                                  • API String ID: 3861434553-4056803109
                                                                                                                                                                                                                  • Opcode ID: ac48f041f434f77d8819bd7683a4854374f47970d374aac5e183df658512f071
                                                                                                                                                                                                                  • Instruction ID: f07a5b4a84005477d714195f38fa0135db0f56997c9720ae0e9544512a8a0487
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ac48f041f434f77d8819bd7683a4854374f47970d374aac5e183df658512f071
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EF02BBB410C3D18BD735CF2584A07EBBFE1AF92304F1899ADD4EA5B252D675050ACBA3
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
                                                                                                                                                                                                                  • String ID: K
                                                                                                                                                                                                                  • API String ID: 2832541153-856455061
                                                                                                                                                                                                                  • Opcode ID: d81fe7f561d252b24c382810175d6d1f34a2dc31232b7f7b788a7f27f91ea80c
                                                                                                                                                                                                                  • Instruction ID: ad10ea6616e0f5c31b876c5becec05094cc60a7f891d0bbb301b1673aac50923
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d81fe7f561d252b24c382810175d6d1f34a2dc31232b7f7b788a7f27f91ea80c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FC417E7150C7828FD310AF7C988935EBFE19B92324F184B6DE8E6872D2E6748549C793
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _errno$localeconvstrlen
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2486237476-3916222277
                                                                                                                                                                                                                  • Opcode ID: c7ac162d293a13ad0d18b848caecc7b1db5a2705ec3fdc9e655c2bcec66fd23e
                                                                                                                                                                                                                  • Instruction ID: b966117c713d6e68efff41b8cb9c99c2487b177be059c230dcec661ef124dbd5
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c7ac162d293a13ad0d18b848caecc7b1db5a2705ec3fdc9e655c2bcec66fd23e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0B22DC75A042198FDB24CF68C4852EEBBF1FF88310F19856AE895EB352D734AC41CB91
Memory Dump Source
• Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 20dabe72cf691e338a17796b7abdef1d7c3571c6396adbc34549ff4dc357abe3
                                                                                                                                                                                                                  • Instruction ID: b858c941e9d2b3f48a009d18f7ca265aa58d23aa1a720a26d44d8e34673cc525
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 20dabe72cf691e338a17796b7abdef1d7c3571c6396adbc34549ff4dc357abe3
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2EE19D70B04A458BEB20AF3988953EAB7D2FB40314F58C579D446CB347EA3DCD568B46
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: /37)$8>&:$YAG~u$`;;2$`;;2$u$}x$
                                                                                                                                                                                                                  • API String ID: 0-2031701488
                                                                                                                                                                                                                  • Opcode ID: afbf182f086d4cb3678fef5cd9cf034a3b5aeb1cf8c39da1fee8d2667e1554dd
                                                                                                                                                                                                                  • Instruction ID: 09eaa812b7a7992eb2dcbec2552c95f1db2597cd5343bb967845ec884d9716a6
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: afbf182f086d4cb3678fef5cd9cf034a3b5aeb1cf8c39da1fee8d2667e1554dd
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 46C11B7150C3914FD325CF2984A03ABBFD2EFD7215F19899DE4E64B381D6398909C792
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: strlen$strncmp
                                                                                                                                                                                                                  • String ID: F$_GLOBAL_
                                                                                                                                                                                                                  • API String ID: 2920004640-3892140033
                                                                                                                                                                                                                  • Opcode ID: c870c3572d918879c37d1be0eecbb26435f226f928cdde83e5bb91846f0a74e5
                                                                                                                                                                                                                  • Instruction ID: a2fa854445cd7987f40e437615cb5355110c20431c2f35c73c7bc0d8765193f1
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c870c3572d918879c37d1be0eecbb26435f226f928cdde83e5bb91846f0a74e5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DBC15871D046698FEB24DF28C8913DEBBB1FB4A304F4481BAC459E6341EB389A95CF41
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: );?g$9nI9$;>*2$='0{$[93=$cba`$fa
                                                                                                                                                                                                                  • API String ID: 0-154584671
                                                                                                                                                                                                                  • Opcode ID: 2e54ef5e4c1019ff825c15789a1a04a95fa9aaecb1fb95b2ed5e68050a999ddc
                                                                                                                                                                                                                  • Instruction ID: 5355225ceddeb1ede4ced7235ac8a18c01f5c712a036f57850fcb0c070a71190
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2e54ef5e4c1019ff825c15789a1a04a95fa9aaecb1fb95b2ed5e68050a999ddc
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5CC1F13550C3A08FC3259F29889076ABBE2EF96328F188A6CF4F557392C3358945CB56
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                  • String ID: I,~M$PQ$cba`$cba`$cba`$wEtG
                                                                                                                                                                                                                  • API String ID: 2994545307-3803835663
                                                                                                                                                                                                                  • Opcode ID: 630eff45516b260edc7b90edd1ed8ec8e77ab8abdf1e27ca028513f62ba0b19a
                                                                                                                                                                                                                  • Instruction ID: 5892dd74f4474a56199b37ec2f8fa5ce50e513327290419db20cc956b96f2cee
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 630eff45516b260edc7b90edd1ed8ec8e77ab8abdf1e27ca028513f62ba0b19a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C59201706083409BE724CF65D885B2FBBE6EBD1704F28C82CE69887292D7759D41DB93
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: @@=:$I6F8$J:<<$P9&'$n$-+
                                                                                                                                                                                                                  • API String ID: 0-2611983443
                                                                                                                                                                                                                  • Opcode ID: addda101bf47421890c7a35703eb850e5bb1665b7ca1deaa95b0176b8345d348
                                                                                                                                                                                                                  • Instruction ID: 8154df2b8a14e26cfedb938d06ed9bdef3a82b79fc80ce39f6c45d6e95a964b8
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: addda101bf47421890c7a35703eb850e5bb1665b7ca1deaa95b0176b8345d348
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F5526A7250C3908FC725CF28C84076EBBE1AFD6318F1986ACE8E95B392D7358905D792
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: =z9|$JK$Vj)l$}~$CE$GI
                                                                                                                                                                                                                  • API String ID: 0-2837980318
                                                                                                                                                                                                                  • Opcode ID: 08bbd19939079fc8c12f08192af3c49796f16f148c3517530b64a15e7fb1fea3
                                                                                                                                                                                                                  • Instruction ID: c4f459bb18fbcd1c8d5c1d0ddbffe5ebd4435ae2ddf2f67d4550da1fe0ca34ff
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 08bbd19939079fc8c12f08192af3c49796f16f148c3517530b64a15e7fb1fea3
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0D02FDB550C3408BC714DF29D89266FBBE2EFD6314F08982CE4DA8B351E7358A05DB96
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • Auth, xrefs: 0090B392
                                                                                                                                                                                                                  • Auth, xrefs: 0090B33A
                                                                                                                                                                                                                  • random_device::random_device(const std::string&): device not available, xrefs: 0090B3B6
                                                                                                                                                                                                                  • random_device::random_device(const std::string&): unsupported token, xrefs: 0090B2FD
                                                                                                                                                                                                                  • Genu, xrefs: 0090B333
                                                                                                                                                                                                                  • Genu, xrefs: 0090B38B
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: memcmpstrlen
                                                                                                                                                                                                                  • String ID: Auth$Auth$Genu$Genu$random_device::random_device(const std::string&): device not available$random_device::random_device(const std::string&): unsupported token
                                                                                                                                                                                                                  • API String ID: 3108337309-320053920
                                                                                                                                                                                                                  • Opcode ID: dce3d94c9d4629c3b2d0773dbcd58819c5e58925f20b40d82efdc423163d9451
                                                                                                                                                                                                                  • Instruction ID: 0c62c5de16071dc018d05017bc7d4f085abaa25d3189a120a8f1dae18d08073e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dce3d94c9d4629c3b2d0773dbcd58819c5e58925f20b40d82efdc423163d9451
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BA31AE705073148FDF24AF24D68127EBBE8AB80344F60982DE5868B6D6D735C8868B51
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: #$0$AGsW$P$k
                                                                                                                                                                                                                  • API String ID: 0-1629916805
                                                                                                                                                                                                                  • Opcode ID: 93db7388b1b9ea557a29eeada7a3aed300999dd3d86457d91ac8df4769a1ea7b
                                                                                                                                                                                                                  • Instruction ID: b0744fbea2aae4b2a0176489701b0e72956062cd65f88f396344f24d4f2d05db
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 93db7388b1b9ea557a29eeada7a3aed300999dd3d86457d91ac8df4769a1ea7b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F4C106712083818ED328CF39C4513ABBBE2AFD3308F288A6DD0D68B2D1D7798509D716
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: F^$I@$N~ :$VgfW$z@(
                                                                                                                                                                                                                  • API String ID: 0-3506082874
                                                                                                                                                                                                                  • Opcode ID: 972d9650cca557ccebe2f24449eb011f3ffa3806a40bb4350465e29de1e2e3b5
                                                                                                                                                                                                                  • Instruction ID: 7f4dbddb92ae2b25c82217b95ba88a4703c3e93fb4ac0b497136ecbbb6378fa3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 972d9650cca557ccebe2f24449eb011f3ffa3806a40bb4350465e29de1e2e3b5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2191C1B064D3C18BD735CF25D4A0BEBBBE0AB96314F148D6CD4E94B242D738454ADB52
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: `$a$b$c$cba`cba`
                                                                                                                                                                                                                  • API String ID: 0-3925122358
                                                                                                                                                                                                                  • Opcode ID: b16e2500e24e106842077158a1b3acd311cae69eade32f2b4007a3da5e50198a
                                                                                                                                                                                                                  • Instruction ID: 88183a0d24b9304f8b7a48d03b47a6564e08a5b26aef8835e53850c5c2469c92
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b16e2500e24e106842077158a1b3acd311cae69eade32f2b4007a3da5e50198a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B4A13672E08344CFDF04CBA9C4593AEBBF2AF86304F18806DD496973D2C6798900CB91
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: ){+}$4cde$CJ$F'k)$GS
                                                                                                                                                                                                                  • API String ID: 0-4192230409
                                                                                                                                                                                                                  • Opcode ID: 81c8f6c66080e68ecfa64a176e239afaa1ba445336083f4d75ee264f66d0f99d
                                                                                                                                                                                                                  • Instruction ID: d0eec6f5ed9f2392b92519dc1be6a5c1b202cbb847dc6a0795dc1eae9b6289b2
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 81c8f6c66080e68ecfa64a176e239afaa1ba445336083f4d75ee264f66d0f99d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 38B12AB84053058FE354DF628688FAA7BB0FB25314F1A82E8E0992F772D7748405CF96
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: DebuggerExceptionPresentRaise_strdupfree
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2994003445-0
                                                                                                                                                                                                                  • Opcode ID: c24ab85b5ed8fbd4c52e3dddb42b84598df08915239458ce32dfb2c73ba76262
                                                                                                                                                                                                                  • Instruction ID: 93063f23e2ab90f8c9c6d60267b36545902dd582bb50d87acdbba86256c3abe1
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c24ab85b5ed8fbd4c52e3dddb42b84598df08915239458ce32dfb2c73ba76262
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CC217C70A082048FDF10EF69C498B9ABBF5FB45360F8580AED889DB242D774C944CB92
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AddressProc$HandleLibraryLoadModule
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 384173800-0
                                                                                                                                                                                                                  • Opcode ID: 8559a694356230761571f6d576416688fb79e2a2f25506edf94eb08f4f89df74
                                                                                                                                                                                                                  • Instruction ID: d534ba03f4b8d3ddb9976a7f3bdf20b02536ba23b4d93bfb9e4d3d94caf0e3d9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8559a694356230761571f6d576416688fb79e2a2f25506edf94eb08f4f89df74
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 78F0F9B1419305AFD724AF699C8856EBBE8FA48750F00841CE588C7210E7719944DFA2
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: '|$-.$12$i>}0
                                                                                                                                                                                                                  • API String ID: 0-2215797287
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MetricsSystem
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 4116985748-3916222277
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: `$a$b$c
                                                                                                                                                                                                                  • API String ID: 0-1877310501
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                  • String ID: 4zVc$8zVc$YNMZ$cba`
                                                                                                                                                                                                                  • API String ID: 2994545307-1799417857
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: 1/3T$WL$^Q
                                                                                                                                                                                                                  • API String ID: 0-4254228366
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: EIFT$_P$w
                                                                                                                                                                                                                  • API String ID: 0-15419
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: lfpu$t~x}$tuv
                                                                                                                                                                                                                  • API String ID: 0-2272480740
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: B? !$Z7]9$t3]5
                                                                                                                                                                                                                  • API String ID: 0-3999537062
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: B? !$Z7]9$t3]5
                                                                                                                                                                                                                  • API String ID: 0-3999537062
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: $$OK$P
                                                                                                                                                                                                                  • API String ID: 0-279604475
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: $9
                                                                                                                                                                                                                  • API String ID: 0-1776416348
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: B:@<$F>?0
                                                                                                                                                                                                                  • API String ID: 0-4011826714
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: 0$8
                                                                                                                                                                                                                  • API String ID: 0-46163386
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                  • String ID: cba`$f
                                                                                                                                                                                                                  • API String ID: 2994545307-1109690103
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: '$iJ
                                                                                                                                                                                                                  • API String ID: 0-30662343
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: TU$c!"
                                                                                                                                                                                                                  • API String ID: 0-3813282519
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: cba`$cba`
                                                                                                                                                                                                                  • API String ID: 0-1405727707
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: )$IEND
                                                                                                                                                                                                                  • API String ID: 0-707183367
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: 3$qjjw
                                                                                                                                                                                                                  • API String ID: 0-3235754969
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: &$(-$(,"-
                                                                                                                                                                                                                  • API String ID: 0-2940422652
                                                                                                                                                                                                                  • Opcode ID: 842e3b4bad717ffb86fa21b0642b285fa84ec43394ca04797a762ceea37fb35b
                                                                                                                                                                                                                  • Instruction ID: 04737420d7526417291797cd1838e7ac8eb2d370ff0076f21d1c6e3b700853f9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 842e3b4bad717ffb86fa21b0642b285fa84ec43394ca04797a762ceea37fb35b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B871046110C3868EC7158F2994E077BBFE1DFE2304F1845AEE4E59B282D7358A0AC762
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: %$BzJ
                                                                                                                                                                                                                  • API String ID: 0-1159491165
                                                                                                                                                                                                                  • Opcode ID: 03a5d564861116f03c1206b13d7685e951c034e55186ac12dfb077700ed946f6
                                                                                                                                                                                                                  • Instruction ID: 709b3b7780892a78ad1bc15c90317074b77f79e1c8c332e7fe0ccc8cd3dd4f0e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 03a5d564861116f03c1206b13d7685e951c034e55186ac12dfb077700ed946f6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EA51096410C3C28BD7158B3994617BBBFE19FA3305F68445CE4D687293DB26890ACB67
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: std$string literal
                                                                                                                                                                                                                  • API String ID: 0-2980153874
                                                                                                                                                                                                                  • Opcode ID: 910ead9f81c7b6d8decb0d9922561959c50851f98259b5476a1a95927c82c1bd
                                                                                                                                                                                                                  • Instruction ID: 9d5808741f8f5a7afa07b5868d8281477445f522669ef3833a66b5ddddf2740d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 910ead9f81c7b6d8decb0d9922561959c50851f98259b5476a1a95927c82c1bd
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D771B370B046054BDB649F3D88922EAB7E2FB44324F58E539E81ACB397EB34DC058B41
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: pr$|~
                                                                                                                                                                                                                  • API String ID: 0-4145297803
                                                                                                                                                                                                                  • Opcode ID: 9d374d7262ad937da195107608a7710c56692586693aef0d2bd8843e3df4e33b
                                                                                                                                                                                                                  • Instruction ID: 11c076056039cd140f358f0653297f189409c99f11c21dd126c222180769c164
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9d374d7262ad937da195107608a7710c56692586693aef0d2bd8843e3df4e33b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1F51F1B060C3508BD7109F24D81276FB7F1EF92315F18896CE4895B391E739DA06DB5A
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: pr$|~
                                                                                                                                                                                                                  • API String ID: 0-4145297803
                                                                                                                                                                                                                  • Opcode ID: 08918ebbfbe09ae4e9c72c9762e904d89659e8d5bdc5a8b348761a40b05ca7f9
                                                                                                                                                                                                                  • Instruction ID: 3a733be7ec10a1885cd45f3fd647ce52c92240c4e97e504ddfdc897fb760d353
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 08918ebbfbe09ae4e9c72c9762e904d89659e8d5bdc5a8b348761a40b05ca7f9
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7851D0B060C3508BD7109F24C81276FB7F1EF92319F58896CE8895B391E7399A06DB5A
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: c!"$cba`
                                                                                                                                                                                                                  • API String ID: 0-3815079656
                                                                                                                                                                                                                  • Opcode ID: d735f8ecbe516fb6bd5ce4e1ed62eef1181671081aa9aed126d59087d2928bf5
                                                                                                                                                                                                                  • Instruction ID: 6cd8ccd729146d1617dd7887248e90bee001e07f13dcbcc0b73d3b2493dbb919
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d735f8ecbe516fb6bd5ce4e1ed62eef1181671081aa9aed126d59087d2928bf5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8E51277461D200ABEB10DF68DC8AB3F77A6EFC5704F19892CF18687291D7709900DBA2
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: BLJB$X
                                                                                                                                                                                                                  • API String ID: 0-2222927247
                                                                                                                                                                                                                  • Opcode ID: d39c10e266a3b6a19a35d365d47d3a6e488bbc3a26393f48db9997e62bcf6cb1
                                                                                                                                                                                                                  • Instruction ID: 08657559c436f403f14853831d023fedb7c14818882fa5c8a8a43e3eb34e6eb0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d39c10e266a3b6a19a35d365d47d3a6e488bbc3a26393f48db9997e62bcf6cb1
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 45519C31658B418BD7309F6884412EBBBE1DF91358F58493DD4E987382E3B4D645E34A
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: H.s $ij
                                                                                                                                                                                                                  • API String ID: 0-4017226643
                                                                                                                                                                                                                  • Opcode ID: d319f11374fe16da49f126d1a8ba78cf2dc619feb6e62fb9839d3c27eb6f2769
                                                                                                                                                                                                                  • Instruction ID: 3871496bedd1ae94f243968b63c9b6149f94250578cec9807fa4a609c48ec031
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d319f11374fe16da49f126d1a8ba78cf2dc619feb6e62fb9839d3c27eb6f2769
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4A31CD7260D3908FD314CF65C48135FBBE2EBC6704F558A2CE4956B340CBB49906CB46
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                  • String ID: 1/3T
                                                                                                                                                                                                                  • API String ID: 2994545307-3266294232
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: cba`
                                                                                                                                                                                                                  • API String ID: 0-1926275841
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: cba`
                                                                                                                                                                                                                  • API String ID: 0-1926275841
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: K%
                                                                                                                                                                                                                  • API String ID: 0-424693878
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: x
                                                                                                                                                                                                                  • API String ID: 0-2363233923
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: x
                                                                                                                                                                                                                  • API String ID: 0-2363233923
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: cba`
                                                                                                                                                                                                                  • API String ID: 0-1926275841
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: "
                                                                                                                                                                                                                  • API String ID: 0-123907689
                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                  • String ID: @CDE
                                                                                                                                                                                                                  • API String ID: 2994545307-1513065382
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: cba`
                                                                                                                                                                                                                  • API String ID: 0-1926275841
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: x%
                                                                                                                                                                                                                  • API String ID: 0-3980080454
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: cba`
                                                                                                                                                                                                                  • API String ID: 0-1926275841
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: ^@
                                                                                                                                                                                                                  • API String ID: 0-1015691136
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: vw
                                                                                                                                                                                                                  • API String ID: 0-4141688848
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                  • API String ID: 0-4108050209
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,008BF486), ref: 008BF3EF
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Time$FileSystem
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2086374402-0
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: ~
                                                                                                                                                                                                                  • API String ID: 0-1707062198
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: .
                                                                                                                                                                                                                  • API String ID: 0-248832578
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                  • String ID: cba`
                                                                                                                                                                                                                  • API String ID: 2994545307-1926275841
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: "
                                                                                                                                                                                                                  • API String ID: 0-123907689
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: "
                                                                                                                                                                                                                  • API String ID: 0-123907689
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: tuv
                                                                                                                                                                                                                  • API String ID: 0-2475268160
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: gfff
                                                                                                                                                                                                                  • API String ID: 0-1553575800
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: `pd-
                                                                                                                                                                                                                  • API String ID: 0-182301337
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                  • String ID: cba`
                                                                                                                                                                                                                  • API String ID: 2994545307-1926275841
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: CUUI
                                                                                                                                                                                                                  • API String ID: 0-173970609
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                  • API String ID: 2994545307-2766056989
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                  • String ID: cba`
                                                                                                                                                                                                                  • API String ID: 2994545307-1926275841
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 615f7c50041984d1be6d73d870a059466ee67830545a722016cb581c33e45abc
                                                                                                                                                                                                                  • Instruction ID: d337bc810d5b171022561f6b527ab165af6f535ee2393de73290e145453e336a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 615f7c50041984d1be6d73d870a059466ee67830545a722016cb581c33e45abc
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6E72D4B5604B408FD724DF3CC48536ABBE1AB95320F198A2DD8EBC7792E635E505DB02
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: a5d4c46180dfd178711357de7976daa1940adcbbea30e65e8404a69473259091
                                                                                                                                                                                                                  • Instruction ID: 198c69d38451c69f9996126d0ddf58e70c53b5c18e026dae2e72f651d8dfb9e8
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a5d4c46180dfd178711357de7976daa1940adcbbea30e65e8404a69473259091
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E352D2715083858FCB25CF19C0D06AABBE1FF88318F19896DF89A57351D778EA49CB81
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: cdc0c8846e0524d95efa3a5c1de386f3f7df17731705c3278a9a0ace2dd38eb9
                                                                                                                                                                                                                  • Instruction ID: 1971ee82b12486039b12844571147648075327d4d3d007fe0bfe12e2d174ea51
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cdc0c8846e0524d95efa3a5c1de386f3f7df17731705c3278a9a0ace2dd38eb9
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F152D170908B849FE731CB34C4C43A7BBE1AB95314F148E6ED5E706AC2C379AA85D752
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 5858a786674db940c51e3d747c02de2d457d496f75b6ad6e992d544b75467162
                                                                                                                                                                                                                  • Instruction ID: 88aa1ffc4ef12dc4d3918408f40743a3d1366c2a65525e373d4bc2d052e18b33
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5858a786674db940c51e3d747c02de2d457d496f75b6ad6e992d544b75467162
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6F6279B0608B818ED365CF3C8855797BFE5AB5A318F044A9DE0EF87392C7766101CB66
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: b4f2b084faef48d893cec2519f241ff843f37aefc35a02b9a69ce986de1685e5
                                                                                                                                                                                                                  • Instruction ID: d9a060e0867097f7f7620c8da2976bf7ac9cc7ca86f0463846544a7b18d4a2e6
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b4f2b084faef48d893cec2519f241ff843f37aefc35a02b9a69ce986de1685e5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E522A032A0C7118BC735DF18D8806ABB3E1FFC4319F298E2DD99697285D734A955CB82
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 1d5e45c926a965c2f30039b22c2efdb6c3ebe1548e5e47cee3e0437178a5efa4
                                                                                                                                                                                                                  • Instruction ID: a8e596ef5bf2501e5311dc05838e4cc24dc8553d4968c5f0f04462a041ac52bb
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1d5e45c926a965c2f30039b22c2efdb6c3ebe1548e5e47cee3e0437178a5efa4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3B32F675A04B408FD724EF38C485366BBE1AF89310F198A2DD8EF87392D634E509DB12
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: bc0687d6f71db28694999f555d0c1c5efc92ca1200a07d08dd2153bb3bb8001c
                                                                                                                                                                                                                  • Instruction ID: 1115898a4499f91fde65f5f96fc61bd884f1536f59767754d892463fa970204c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bc0687d6f71db28694999f555d0c1c5efc92ca1200a07d08dd2153bb3bb8001c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DF321170914B918FC338CF6AC5D052ABBF1BF85710B604A2ED6A787A90D736FA45DB10
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 86e711a3922a806e3fd49dfb4f42d968ed71f40aad3b5ef401efee48bb67dd67
                                                                                                                                                                                                                  • Instruction ID: 5b2f70cd34ed99493ab3f68069a035b7054d54d82091a5ad90bd40c4009d1189
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 86e711a3922a806e3fd49dfb4f42d968ed71f40aad3b5ef401efee48bb67dd67
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4E52E2B0A04708DFDB18DFA9D494A9DBBF1BF88310F15C66AE498AB362D7749841CF41
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 42f0f524011306a600b1646b3687b0c60b22a81f49ab29fc458f4974372aadf4
                                                                                                                                                                                                                  • Instruction ID: c51f84f8d4f54a6e994212629f51a0ad3a94ad1ed533307685ddf3f5f68aeeac
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 42f0f524011306a600b1646b3687b0c60b22a81f49ab29fc458f4974372aadf4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1452B0B0904718DFDB18EFA9D484A9DBBF1BF88310F15866EE4989B3A2D7749841CF41
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: f2013b7afcdf4474ebf2ef3e9e507629f9b6988b252492318f9c22ee64f3b869
                                                                                                                                                                                                                  • Instruction ID: 759dbc27b7d36328bc0081d232024c6f95bcb5168ea9bb7badb0ee4bef9c33a5
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f2013b7afcdf4474ebf2ef3e9e507629f9b6988b252492318f9c22ee64f3b869
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0502FE36A04216CFCB04CF68E8907AEB7F2FB8A359F198479E58697351D734A951CB80
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: ab6750c39350aee2653be26abd94eb1b73b0dd096185da1d7c6154dbd61f8396
                                                                                                                                                                                                                  • Instruction ID: a2c12b02acfe81fcba232fb2438b5d49b389103b5fdd77e4afeb8cab48b9aa23
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ab6750c39350aee2653be26abd94eb1b73b0dd096185da1d7c6154dbd61f8396
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F242C474904398CEDF20DFA9C58079CBBB0BF49354F14919AE899EB352D7709A84CF51
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: f81ac09565bb0f3a0e76de7b6a98c0fa670b21a7b507b6c45be993b27c174bd0
                                                                                                                                                                                                                  • Instruction ID: 7fff6a5b28557ffb6e0b2246dd6ee367a6bd7787b4d06ad612b7b672c1c77b4b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f81ac09565bb0f3a0e76de7b6a98c0fa670b21a7b507b6c45be993b27c174bd0
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7B42F7749046A8CFDB20DF69C88079DBBB1FF0A318F548199D898EB352DB709A85CF51
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 7b282875e7e891512c72531b1cc37210f54c7c8e64f20467188c80a2a8ec9504
                                                                                                                                                                                                                  • Instruction ID: 7704a2bc4328c9e815f0f98ddae4ef595cfa2541fc40f0a1e425d19a773c62e2
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7b282875e7e891512c72531b1cc37210f54c7c8e64f20467188c80a2a8ec9504
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9932DF74D083989FDB20DFA9C4846DDBBB0FF4A314F24815AE898AB392D7709985CF51
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 79fcb6d6156931a3b00129b159ca71bbd334f0ef4e7d1b0bac8cc45db1f679e2
                                                                                                                                                                                                                  • Instruction ID: e04a26315ba3ac3af15c6664ad236b2120e0db5d8e4e0ac6f2dc082f63af3da9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 79fcb6d6156931a3b00129b159ca71bbd334f0ef4e7d1b0bac8cc45db1f679e2
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1F321674904258DFDB20DFA8C8807DDBBB1BF49314F2482AAD899AB382D7709985DF51
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 966cedb2c108c5bc73cadf0dbb7dffb4f517b3a7eee62220a00e72b5f1a981e2
                                                                                                                                                                                                                  • Instruction ID: c671b59507573b02fcb1e798257fd35989c5a1c45d58c96627528f04fedf4ed9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 966cedb2c108c5bc73cadf0dbb7dffb4f517b3a7eee62220a00e72b5f1a981e2
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E232F674D042589FDB20CFA8C8807DCBFB1BF59314F2482AAD999AB382D7709985DF51
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 832de3039afae016f7e951d4a7215ec6f16e41d3bfe647507f578b9a01578d80
                                                                                                                                                                                                                  • Instruction ID: 7e21e370d2410e472db6da7426672cb8078ad37871e1fde13df2e11489a6121f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 832de3039afae016f7e951d4a7215ec6f16e41d3bfe647507f578b9a01578d80
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E132F174D043988FDF20CFA9C88469CBBF5BF5A314F24815AD8A8AB392D7709985CF51
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
Memory Dump Source
• Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 8f724107cec088c50eae70829d1e1abca206e23714ecb05b9f932e679d781566
                                                                                                                                                                                                                  • Instruction ID: df999be93a0531bd2dd9603e4e4463053a1acd5f43cb3507deea59afff95cd43
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8f724107cec088c50eae70829d1e1abca206e23714ecb05b9f932e679d781566
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C5C10230B052158BDB248E3988A73EABBE3FB84B10F28E579C459CB347DA35DC498745
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: a7681a776019c014580a36cd1c91adc7fda1aa1a35d245be3c7020b342e0c86e
                                                                                                                                                                                                                  • Instruction ID: 610eefa2e9563c420316fb3b5a6cca22f2a20b67663dfc1b8ec8e32b0720366f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a7681a776019c014580a36cd1c91adc7fda1aa1a35d245be3c7020b342e0c86e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F1B1BC76A14216CFCB04CF68E8907AEB7F1FB8A319F09846DE98693351D734E955CB80
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                  • Opcode ID: 18820743751ad3f244f4bc7ae3d9b1d1c160e824d4e0212d86734ba33c647cbd
                                                                                                                                                                                                                  • Instruction ID: 3c41127be9494eab7bda1713c25965b08a442798c3eca7de6cf7eca59d93bbef
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 18820743751ad3f244f4bc7ae3d9b1d1c160e824d4e0212d86734ba33c647cbd
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3D615B726082049FDB28DF2CD995B7FB792EBD0304F2D846DD5868B355EA319D01CB82
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                  • Opcode ID: 97ce76387b410ec265c24b5992dd23101d6ff7e875d45f6451dd6b72ed370ac8
                                                                                                                                                                                                                  • Instruction ID: 970eb0afac2f2a5b21b529ab6514d0162b0b3c20de6abd2f5c972720a21766c7
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 97ce76387b410ec265c24b5992dd23101d6ff7e875d45f6451dd6b72ed370ac8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0951C234705B008FE729CF59C992B367793FB95304F18D5ACE6AA4BB92C374AD018B11
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 7249ecb28022e7d979984d99011ded0bed6872077b99ce4ed357df452c0e5425
                                                                                                                                                                                                                  • Instruction ID: 57211ce28f47ba458cb8e31c6bf54a6c2912098f30b14b91a6b7b75614782c94
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7249ecb28022e7d979984d99011ded0bed6872077b99ce4ed357df452c0e5425
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9D71462365D6914BD328893D5C213AABAA30FD3334F2EC7ADE9FA873E1D5658C059350
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                  • Opcode ID: 1d3de25f0e87a5e08e273f21102e331a51a66458aa74affaa3f55229cc3d2328
                                                                                                                                                                                                                  • Instruction ID: 924dd59238d4c9f1c6a8d647e30608bfa08c1765f6c7384e0e18a6772acc772c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1d3de25f0e87a5e08e273f21102e331a51a66458aa74affaa3f55229cc3d2328
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4F51CF74245B00DFE7298F59C892B3677A3FB95304F18D5ACE69A4B762C374AD418B10
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 268e6a86c9647423a3e0406f1efe1fb1f3a43167bedebd64417b2eb9c2239687
                                                                                                                                                                                                                  • Instruction ID: a7a42c2ac8cd84912109f04c0508f70c1f37090f16aa0d4b9156d7e71e2c03fb
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 268e6a86c9647423a3e0406f1efe1fb1f3a43167bedebd64417b2eb9c2239687
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5B61E2B01483009BD714EF14D89266BB7F1EF92368F548A1DE4D68B3A1E7748909CB57
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: ed165cfc055e79b1de223c295ff88a734bf2cafeedecdd828c8fa7a9a53a5e2b
                                                                                                                                                                                                                  • Instruction ID: ac6b3e6dbdacbe4e82351602536551f4097cd3694073adf0f482b591e6bf2e3c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ed165cfc055e79b1de223c295ff88a734bf2cafeedecdd828c8fa7a9a53a5e2b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A15146722083449FE324CF54EC41B9FBBE5EBC5318F01492DF6A89B281D7B49945CB82
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: ee3221d44487f1b55dcfb0cb7b306b7a5088c2c108d24d47baceea343636d859
                                                                                                                                                                                                                  • Instruction ID: fa79c6bc303f02580d8d8c63d16b20832c8a69cf252327e101be7c184656f1ef
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ee3221d44487f1b55dcfb0cb7b306b7a5088c2c108d24d47baceea343636d859
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CE516CB15087548FE714DF69D89435BBBE1BBC8318F044A2DE5E987390E379DA088F82
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 951bc74aee3aeb07f1ea7b6090eb10765a88c1ce66b35b16ecc907bcfa9b2d72
                                                                                                                                                                                                                  • Instruction ID: 340b583d4e176cd292b1f7441edf25f94f96034707a1251af7f28e30deb9ed77
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 951bc74aee3aeb07f1ea7b6090eb10765a88c1ce66b35b16ecc907bcfa9b2d72
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 574122A451835287CB209F28CC5277BF3F1AFA2354F59895CE8D99B280E734DA51C36A
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 53db13b277eadf870d81a5cbc95f58bef47857344eef47a0f214f49615c8bf4b
                                                                                                                                                                                                                  • Instruction ID: c8880451477faa5d9a9e1e8ab936f1a78f92ff9d829e2f234377b07234552c06
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 53db13b277eadf870d81a5cbc95f58bef47857344eef47a0f214f49615c8bf4b
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                  • Opcode ID: 1ee4691983a77ad0437dc0eb1e9e6a8902ec9524ea3b69b99595966aa7f40cd2
                                                                                                                                                                                                                  • Instruction ID: 0d691b165bb25965576ff67300bd2f76a3ef84e8ec71535f03ed53ef0709ddcc
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1ee4691983a77ad0437dc0eb1e9e6a8902ec9524ea3b69b99595966aa7f40cd2
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 33017B30610B01DBF7298E19DC56B7673A3FB82310FA4D07CF28653281DBB0A952D750
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • calloc.MSVCRT ref: 008BE7B1
                                                                                                                                                                                                                  • CreateSemaphoreA.KERNEL32(?,?,00000000,00000014), ref: 008BE7F4
                                                                                                                                                                                                                  • CreateSemaphoreA.KERNEL32 ref: 008BE813
                                                                                                                                                                                                                  • CloseHandle.KERNEL32 ref: 008BE829
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 008BE83A
                                                                                                                                                                                                                  • free.MSVCRT ref: 008BE844
                                                                                                                                                                                                                  • InitializeCriticalSection.KERNEL32 ref: 008BE860
                                                                                                                                                                                                                  • InitializeCriticalSection.KERNEL32(00000000), ref: 008BE869
                                                                                                                                                                                                                  • InitializeCriticalSection.KERNEL32 ref: 008BE872
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CriticalInitializeSection$CloseCreateHandleSemaphore$callocfree
                                                                                                                                                                                                                  • String ID: l
                                                                                                                                                                                                                  • API String ID: 3701386200-2517025534
                                                                                                                                                                                                                  • Opcode ID: 67dbc75327df1b0ffb9ad5daba18efb62a187d1b884f0fccd10444c07953378c
                                                                                                                                                                                                                  • Instruction ID: cc578233b6da588c58d97b0911061323942e995b791497b7eb42b52c709ac3a0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 67dbc75327df1b0ffb9ad5daba18efb62a187d1b884f0fccd10444c07953378c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E331D1B19047049FDB54AF6AC88469ABBE4FF88310F15896DE898CB356E735D840CF92
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: fputs$abort$fputcfree
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 193835883-0
                                                                                                                                                                                                                  • Opcode ID: 47284c80dbebe149f646d9025f4bc58c802c12ad8b69c4ce644b58b081809ccf
                                                                                                                                                                                                                  • Instruction ID: 33b6db029ceb90e3be4a4f0a87d9d0b21554c1a8a02c94add461374ada62e470
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 47284c80dbebe149f646d9025f4bc58c802c12ad8b69c4ce644b58b081809ccf
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E45171B08097188FDB20AFE8D44969DBBF0FF48310F154A1DE4A5AB395D7788885DF52
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Thread$Event$Context$HandleInformationObjectResumeSingleSuspendWait
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 56398499-0
                                                                                                                                                                                                                  • Opcode ID: dfbf1101560a7ea7b45a3dfd5e9fcd38653b1247860c68f343ea3e0208c67ec0
                                                                                                                                                                                                                  • Instruction ID: a530df0dc6ea7ae38bcc1323423418531c65b9c31af51c12b476fc2d7aafb60c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dfbf1101560a7ea7b45a3dfd5e9fcd38653b1247860c68f343ea3e0208c67ec0
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9C516F75518A419FCB10AF78D888A69BBF4FF09350F04461CE895C7683DB34E590DFA6
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • TryEnterCriticalSection.KERNEL32 ref: 008BEC7B
                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32 ref: 008BECCE
                                                                                                                                                                                                                  • CloseHandle.KERNEL32 ref: 008BECFA
                                                                                                                                                                                                                  • CloseHandle.KERNEL32 ref: 008BED03
                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(74DF2EE0), ref: 008BED0C
                                                                                                                                                                                                                  • DeleteCriticalSection.KERNEL32(00000000), ref: 008BED1F
                                                                                                                                                                                                                  • DeleteCriticalSection.KERNEL32(00000000), ref: 008BED28
                                                                                                                                                                                                                  • DeleteCriticalSection.KERNEL32(00000000), ref: 008BED31
                                                                                                                                                                                                                  • free.MSVCRT ref: 008BED37
                                                                                                                                                                                                                    • Part of subcall function 008BE4C4: EnterCriticalSection.KERNEL32(?,?,?,?,?,00000001,?,?,008BEFF3,00000000), ref: 008BE4D7
                                                                                                                                                                                                                    • Part of subcall function 008BE4C4: LeaveCriticalSection.KERNEL32(00000000,?,?,?,?,?,00000001,?,?,008BEFF3,00000000), ref: 008BE50D
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CriticalSection$DeleteLeave$CloseEnterHandle$free
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1444599582-0
                                                                                                                                                                                                                  • Opcode ID: f42ab25bf0afd4228a70fa0b2a1de329e4e4a9c9cb7792a2b9999c10b1785dbb
                                                                                                                                                                                                                  • Instruction ID: 1e642e93624c587d9d99b33573b768e29df00b4280e91e6925fbba00dbf7daca
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f42ab25bf0afd4228a70fa0b2a1de329e4e4a9c9cb7792a2b9999c10b1785dbb
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 25410970A047098FDB20EF69D884AEABBF5FF88310F114929E995D7391D778A841CB52
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 008BFD82: calloc.MSVCRT ref: 008BFDAF
                                                                                                                                                                                                                  • CreateEventA.KERNEL32 ref: 008C13F8
                                                                                                                                                                                                                  • Sleep.KERNEL32 ref: 008C1417
                                                                                                                                                                                                                  • _beginthreadex.MSVCRT ref: 008C14BA
                                                                                                                                                                                                                  • CloseHandle.KERNEL32 ref: 008C14D4
                                                                                                                                                                                                                  • SetThreadPriority.KERNEL32 ref: 008C152D
                                                                                                                                                                                                                  • ResetEvent.KERNEL32(00000000,00000000), ref: 008C153B
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 008C155B
                                                                                                                                                                                                                  • Sleep.KERNEL32(00000000), ref: 008C1571
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseEventHandleSleep$CreatePriorityResetThread_beginthreadexcalloc
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1890343903-0
                                                                                                                                                                                                                  • Opcode ID: 34e3611c742a897bf0de53078947ef6f18528694c9d531489f90590c4c2c3bf0
                                                                                                                                                                                                                  • Instruction ID: 2412b7da0607963c06da32d0918aeb8ba7102b7c2865fdd2d9da4831734f4509
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 34e3611c742a897bf0de53078947ef6f18528694c9d531489f90590c4c2c3bf0
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EF5118B1904A069FCB14DF69D888A6ABBF5FF49310F00862DE859C7792D734E850CF96
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,?,?,76ECFFB0,?,008BEBC4,00000000), ref: 008BE93A
                                                                                                                                                                                                                  • ResetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,76ECFFB0,?,008BEBC4,00000000), ref: 008BE9AF
                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,?,?,76ECFFB0), ref: 008BEB49
                                                                                                                                                                                                                    • Part of subcall function 008BF4A8: WaitForSingleObject.KERNEL32(?,?,?,?,?,?,008BEBC4,00000001,00000000,?,008BEB01), ref: 008BF4F5
                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32 ref: 008BEAAD
                                                                                                                                                                                                                    • Part of subcall function 008C0DA5: ResetEvent.KERNEL32(008BEBC4,00000000,?,008BEB65,?,?,?,?,?,?,?,?,?,?,76ECFFB0), ref: 008C0E00
                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,?,?,76ECFFB0,?,008BEBC4,00000000), ref: 008BE9F2
                                                                                                                                                                                                                    • Part of subcall function 008BF4A8: WaitForSingleObject.KERNEL32(?,?,?,?,?,?,008BEBC4,00000001,00000000,?,008BEB01), ref: 008BF4CE
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ObjectSingleWait$EventReset
                                                                                                                                                                                                                  • String ID: (
                                                                                                                                                                                                                  • API String ID: 466820088-3887548279
                                                                                                                                                                                                                  • Opcode ID: c99cf2ba04aee30d5137d0161c808045058aa73cc7e1ab4b09d7b1baa25167fc
                                                                                                                                                                                                                  • Instruction ID: de482e978ee9d9a18b305b5b531fb3765b0dd8b16d897589900c5aac2a35b169
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c99cf2ba04aee30d5137d0161c808045058aa73cc7e1ab4b09d7b1baa25167fc
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8761A171D083298FEB205E6984847EFBAA8FF54720F15883AE8C6E7381C635DC449B52
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • TlsSetValue.KERNEL32 ref: 008C094C
                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 008C0954
                                                                                                                                                                                                                    • Part of subcall function 008BF7B0: GetCurrentThreadId.KERNEL32 ref: 008BF7DE
                                                                                                                                                                                                                  • _setjmp3.MSVCRT ref: 008C0977
                                                                                                                                                                                                                  • CloseHandle.KERNEL32 ref: 008C09EF
                                                                                                                                                                                                                  • TlsSetValue.KERNEL32(00000000), ref: 008C0A33
                                                                                                                                                                                                                  • Sleep.KERNEL32(?,?), ref: 008C0A73
                                                                                                                                                                                                                  • _endthreadex.MSVCRT ref: 008C0A7F
                                                                                                                                                                                                                    • Part of subcall function 008BF7B0: SetEvent.KERNEL32(00000000,?,?,008BFF26,?,?,?,00000000,00000000,?,008BFF43), ref: 008BF814
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CurrentThreadValue$CloseEventHandleSleep_endthreadex_setjmp3
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 291999405-0
                                                                                                                                                                                                                  • Opcode ID: 731b989dc4354e84fa123c13fbf394161e6322112b11ff6e6c69c7ef7ae43b14
                                                                                                                                                                                                                  • Instruction ID: e1be169a9a587a7bcc95fd4100b90a12211c8bd86c5d1e5742c3b056b4261e01
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 731b989dc4354e84fa123c13fbf394161e6322112b11ff6e6c69c7ef7ae43b14
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CA4193B4918605CFD704AFA8D885A6EBBF4FF09344F01886DE994DB312EB38D8459F52
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 008BFF35: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,008C0564), ref: 008BFF4B
                                                                                                                                                                                                                    • Part of subcall function 008BFF35: GetCurrentThreadId.KERNEL32 ref: 008BFF74
                                                                                                                                                                                                                    • Part of subcall function 008BFF35: CreateEventA.KERNEL32 ref: 008BFF92
                                                                                                                                                                                                                    • Part of subcall function 008BFF35: GetCurrentThread.KERNEL32 ref: 008BFFC2
                                                                                                                                                                                                                    • Part of subcall function 008BFF35: DuplicateHandle.KERNELBASE ref: 008BFFF3
                                                                                                                                                                                                                    • Part of subcall function 008BFF35: abort.MSVCRT(00000000,00000000), ref: 008C0000
                                                                                                                                                                                                                    • Part of subcall function 008BFF35: GetThreadPriority.KERNEL32(00000000,00000000), ref: 008C000B
                                                                                                                                                                                                                    • Part of subcall function 008BFF35: TlsSetValue.KERNEL32 ref: 008C0032
                                                                                                                                                                                                                  • longjmp.MSVCRT ref: 008C0C00
                                                                                                                                                                                                                  • TlsGetValue.KERNEL32(?,0000001C,?,008C0D4E,?,?,00000000,?,008C0E14,008BEBC4,00000000,?,008BEB65), ref: 008C0C0E
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,008C0D4E,?,?,00000000,?,008C0E14,008BEBC4,00000000,?,008BEB65), ref: 008C0C31
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,008C0D4E,?,?,00000000,?,008C0E14,008BEBC4,00000000,?,008BEB65), ref: 008C0C53
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,008C0D4E,?,?,00000000,?,008C0E14,008BEBC4,00000000,?,008BEB65), ref: 008C0C71
                                                                                                                                                                                                                  • TlsSetValue.KERNEL32(?,?,?,008C0D4E,?,?,00000000,?,008C0E14,008BEBC4,00000000,?,008BEB65), ref: 008C0C92
                                                                                                                                                                                                                  • _endthreadex.MSVCRT(?,?,008C0D4E,?,?,00000000,?,008C0E14,008BEBC4,00000000,?,008BEB65), ref: 008C0C9D
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: HandleValue$CloseThread$Current$CreateDuplicateEventPriority_endthreadexabortlongjmp
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2786978526-0
                                                                                                                                                                                                                  • Opcode ID: 989fe052245ea79c62d99310b8e39e4ef52e55e41ea0dbcd2eef17004401be51
                                                                                                                                                                                                                  • Instruction ID: b2aa447da376cfbb18ac658a88a93d042e85fa16632ab2683296bee16bac2657
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 989fe052245ea79c62d99310b8e39e4ef52e55e41ea0dbcd2eef17004401be51
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7C21C2B0518701CFDB00AF78D988B2A7BF8FB08344F0549A8E984CB256E775D840DF92
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _errno$Process$CloseCurrentErrorHandleLastOpen
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1444142086-0
                                                                                                                                                                                                                  • Opcode ID: cfdd70b29828de2eda88cbb8e1bd9e18bf25f7512b5ecb236a45a59adcd349d9
                                                                                                                                                                                                                  • Instruction ID: be70e5a18593c1898c18c12bc6aa086ebc43e87870ce7150b319a6bd2576e67c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cfdd70b29828de2eda88cbb8e1bd9e18bf25f7512b5ecb236a45a59adcd349d9
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 030129704583159FEB206FA5D8CCB9A7BB8FF06325F01412AFC95C3262D77588449AA3
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • fputs.MSVCRT ref: 008B6CED
                                                                                                                                                                                                                  • vfprintf.MSVCRT ref: 008B6D0C
                                                                                                                                                                                                                  • abort.MSVCRT(?,?,00905A4D,?,008B702B), ref: 008B6D11
                                                                                                                                                                                                                  • VirtualQuery.KERNEL32 ref: 008B6DA2
                                                                                                                                                                                                                  • VirtualProtect.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,009383D0,00000000,00905A4D), ref: 008B6E12
                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 008B6E1F
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Virtual$ErrorLastProtectQueryabortfputsvfprintf
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 4170836266-0
                                                                                                                                                                                                                  • Opcode ID: 2c0f62f1cbc3bf7db34accbaa3bdad16098ac9af49cf19261ca572ea46224044
                                                                                                                                                                                                                  • Instruction ID: fce9440c1eba0c7e5487157ab347c16c6c92304764b304d4056697f96afff582
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2c0f62f1cbc3bf7db34accbaa3bdad16098ac9af49cf19261ca572ea46224044
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 034123709083059FC714EF69D9856AABBE5FF84314F15892DE8888B322EB78D8548F52
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseHandle$Value
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2076415241-0
                                                                                                                                                                                                                  • Opcode ID: 5a2be06800adb9cf326c1409be4e2a1e04e19b313ea344bcdf555e872141ceb4
                                                                                                                                                                                                                  • Instruction ID: 2b2f32f7d319ab12fd54b7a27b4ef03c1812131fe52de7a422740a20052011db
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5a2be06800adb9cf326c1409be4e2a1e04e19b313ea344bcdf555e872141ceb4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8941E270A18205CBDB14AFB9DC84B6A7BF8FB48394F01856DA994CB252E770D940DF92
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: malloc$abortcallocrealloc
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2175960609-0
                                                                                                                                                                                                                  • Opcode ID: fbcb57940df2f2ce33b6b26320a1961666dbc2c9ed9790b593c0f9128f3d7cd7
                                                                                                                                                                                                                  • Instruction ID: c101e8e81f179ac3d75f9512e997dfa43200d9e04b1e7ce62ef9b28ca1b6f3f6
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fbcb57940df2f2ce33b6b26320a1961666dbc2c9ed9790b593c0f9128f3d7cd7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9B417C71A08715CFCB14EF68C4809A9BBF5FF88350B068569E889DB311DB34E905CF86
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • TlsSetValue.KERNEL32 ref: 008C094C
                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 008C0954
                                                                                                                                                                                                                    • Part of subcall function 008BF7B0: GetCurrentThreadId.KERNEL32 ref: 008BF7DE
                                                                                                                                                                                                                  • _setjmp3.MSVCRT ref: 008C0977
                                                                                                                                                                                                                  • CloseHandle.KERNEL32 ref: 008C09EF
                                                                                                                                                                                                                  • TlsSetValue.KERNEL32(00000000), ref: 008C0A33
                                                                                                                                                                                                                  • Sleep.KERNEL32(?,?), ref: 008C0A73
                                                                                                                                                                                                                  • _endthreadex.MSVCRT ref: 008C0A7F
                                                                                                                                                                                                                    • Part of subcall function 008BF7B0: SetEvent.KERNEL32(00000000,?,?,008BFF26,?,?,?,00000000,00000000,?,008BFF43), ref: 008BF814
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CurrentThreadValue$CloseEventHandleSleep_endthreadex_setjmp3
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 291999405-0
                                                                                                                                                                                                                  • Opcode ID: a205b9eeeb8e6d6e283a4e8ee4371b82c489cf9a70e1de52b0d3577b626638dc
                                                                                                                                                                                                                  • Instruction ID: b28b3b73f8b0b689776248764e0b00e8e14489097fd2dbe7351cc7b857e8dc77
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a205b9eeeb8e6d6e283a4e8ee4371b82c489cf9a70e1de52b0d3577b626638dc
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4E41B6B4918606CFD704AFA8D885A6EBBF4FF09344F01846DE994DB312EB38D8418F52
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: signal
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1946981877-0
                                                                                                                                                                                                                  • Opcode ID: df0b0cd25789230c8965eb9ce692727839e27f27a451e8335c553aed2cdfab0f
                                                                                                                                                                                                                  • Instruction ID: b595dd940a2f9156eef2ebd4d6c744835719a433a24a3c17c5ea0b7e93fdef00
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: df0b0cd25789230c8965eb9ce692727839e27f27a451e8335c553aed2cdfab0f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 42316FB090C7048AE7246B6C84413EE76D4FBC1358F25481AE9D6C7391D77AD8C09A77
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: freemalloc
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3061335427-0
                                                                                                                                                                                                                  • Opcode ID: 3b2345c9c1e2ab0ab547b6afca91ddf73c013f11afd2a319fe514a98da7b9f23
                                                                                                                                                                                                                  • Instruction ID: edd4874d0d37a15fc996f7ce761648a6f8026c6ef7644b5cf56c02c271f331a4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3b2345c9c1e2ab0ab547b6afca91ddf73c013f11afd2a319fe514a98da7b9f23
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AF316A30A042059FDB189B698C446AAB7E0FF95314F10C0B9EA59CB326EF34C8429F96
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,00000001,?,?,008BEFF3,00000000), ref: 008BE4D7
                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(00000000,?,?,?,?,?,00000001,?,?,008BEFF3,00000000), ref: 008BE50D
                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(00000000), ref: 008BE526
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CriticalSection$Leave$Enter
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2978645861-0
                                                                                                                                                                                                                  • Opcode ID: d72ec99e572bfb9db54cfe25b7245c9e283dd079929bf90c718b9315dd3d9f12
                                                                                                                                                                                                                  • Instruction ID: 304242eb16edae0727749e71fb5f069705fc013ddff720659a9d336773d39f80
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d72ec99e572bfb9db54cfe25b7245c9e283dd079929bf90c718b9315dd3d9f12
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7A1158B0A086199FCB00DF6DDC84AAEBBE8FF88715F018629E559C7310E634DD459B92
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: setlocale$strftimestrlen
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2773559992-0
                                                                                                                                                                                                                  • Opcode ID: 267a2ce57e5cf36612ba6fa6a7cd052ee58f57b73bfe7c9a210375d390ae355c
                                                                                                                                                                                                                  • Instruction ID: 7fdcc870f0e6741af3f00fdefc35e7a8918ad4fd70e474983bbb34ff529581bc
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 267a2ce57e5cf36612ba6fa6a7cd052ee58f57b73bfe7c9a210375d390ae355c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5931A0B49097089FCB54EFA9D585A9EBBF0FF48310F01882EE898E7301E7349941CB56
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: setlocale$strlenwcsftime
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 64219055-0
                                                                                                                                                                                                                  • Opcode ID: d7fcdf9777871a78258be47720ff9ca6018a8322f78287d5637fe82fcc06fe12
                                                                                                                                                                                                                  • Instruction ID: b785e959943097000536e0c88299c16e3018f249277057a875b700b02c631c52
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d7fcdf9777871a78258be47720ff9ca6018a8322f78287d5637fe82fcc06fe12
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 62317FB49097189FCB54EFA9D58569EBBF0FF48310F11882EE898E7301E7349981CB56
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: setlocale$strcmpstrlen
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3672321321-0
                                                                                                                                                                                                                  • Opcode ID: 2e6f6ab88df1f592402d36ce66c07c9e0d5491a655076f5e6d5249bc966bc38f
                                                                                                                                                                                                                  • Instruction ID: 3d6950a414946d09da0088aafd0028868290284fa19e92a34db11988cbcf6b30
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2e6f6ab88df1f592402d36ce66c07c9e0d5491a655076f5e6d5249bc966bc38f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3411B6B19097159FCB14EFA9E48569EBBE4FB48350F01883DE988C7301E7789840CB57
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _vsnprintffreemallocreallocstrlen
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2333638281-0
                                                                                                                                                                                                                  • Opcode ID: 37330a604254a0719df7120e52ab6f769286636dc7b010894a82630928598e30
                                                                                                                                                                                                                  • Instruction ID: 02b874defe939c0951ce315348cde13540d488357152397dd6435e49788cd4e9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 37330a604254a0719df7120e52ab6f769286636dc7b010894a82630928598e30
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B4112A719047159ADB106F698491AAABBF8FF44374F125A2EF894C7381DB74D4808B93
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Process$CurrentErrorLastOpen_errno
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1035239118-0
                                                                                                                                                                                                                  • Opcode ID: a020787b1ed47a7bb74054f9cc3e2aad418f8d889323493cd1ddab2f167f25d9
                                                                                                                                                                                                                  • Instruction ID: ffc19cdef2b16c5746c664d0b7f56536e8d8ff507a6ef5fe01d32771197d9e74
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a020787b1ed47a7bb74054f9cc3e2aad418f8d889323493cd1ddab2f167f25d9
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F4F062705183059BCF00AF75D9CCB1A7BB8FB65755F10452CF996C2262D635C840AE26
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CopyFileW.KERNEL32(00000000,?,00000000), ref: 00C87607
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1984222717.0000000000C60000.00000040.10000000.00040000.00000000.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CopyFile
                                                                                                                                                                                                                  • String ID: B\$JC$OR
                                                                                                                                                                                                                  • API String ID: 1304948518-2992266057
                                                                                                                                                                                                                  • Opcode ID: 3f0a88a01a2a07963e43265a20f3fd62d7fc999a1609918ae387a84072c1d056
                                                                                                                                                                                                                  • Instruction ID: 286c83fccfd0832477691e33fd95212abef827a830aca2bcebd4a3261f988e2d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3f0a88a01a2a07963e43265a20f3fd62d7fc999a1609918ae387a84072c1d056
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3A218D7464D340DFD3249FA0A84AB5FBBB4FB86304F50981CE1D58B2A1EBB88516DB47
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • random_device could not be read, xrefs: 0090B44E
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _read
                                                                                                                                                                                                                  • String ID: random_device could not be read
                                                                                                                                                                                                                  • API String ID: 3312595324-883157155
                                                                                                                                                                                                                  • Opcode ID: ef559ab4f827e0a3f21ef919fc68e0a5b706d8c4ca7447a0239971c7da0ab462
                                                                                                                                                                                                                  • Instruction ID: 46278b4d6cd6f5a6059ffc808788a97fc0e0caeff329a92885b4a20f3d25f1e8
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ef559ab4f827e0a3f21ef919fc68e0a5b706d8c4ca7447a0239971c7da0ab462
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4B016D71A042019FCB10AFA9D88456AB7E8EF45754F104429E845C72B2D739DD05DB92
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
Similarity
• API ID: CurrentDebugOutputStringThreadabort
• String ID: 5
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
Similarity
• API ID: atoisetlocalestrchr
• String ID: .
APIs
Memory Dump Source
• Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
Similarity
• API ID: free$memmove
• String ID:
APIs
Memory Dump Source
• Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
Similarity
• API ID: free$strcpystrlen
• String ID:
APIs
• GetHandleInformation.KERNEL32 ref: 008C16A2
  • Part of subcall function 008BF7B0: GetCurrentThreadId.KERNEL32 ref: 008BF7DE
Memory Dump Source
• Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
Similarity
• API ID: CurrentHandleInformationThread
• String ID:
APIs
Memory Dump Source
• Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
Similarity
• API ID: Byte$CharMultiWide$Lead_errno
• String ID:
APIs
• GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,008B7AF0,?,?,00000000,?,008B1B51), ref: 008C05B3
  • Part of subcall function 008BFF35: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,008C0564), ref: 008BFF4B
  • Part of subcall function 008BFF35: GetCurrentThreadId.KERNEL32 ref: 008BFF74
  • Part of subcall function 008BFF35: CreateEventA.KERNEL32 ref: 008BFF92
  • Part of subcall function 008BFF35: GetCurrentThread.KERNEL32 ref: 008BFFC2
  • Part of subcall function 008BFF35: DuplicateHandle.KERNELBASE ref: 008BFFF3
  • Part of subcall function 008BFF35: abort.MSVCRT(00000000,00000000), ref: 008C0000
  • Part of subcall function 008BFF35: GetThreadPriority.KERNEL32(00000000,00000000), ref: 008C000B
  • Part of subcall function 008BFF35: TlsSetValue.KERNEL32 ref: 008C0032
• realloc.MSVCRT ref: 008C05F0
• realloc.MSVCRT ref: 008C0606
• SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,008B7AF0,?,?,00000000,?,008B1B51), ref: 008C0674
Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Thread$CurrentErrorLastValuerealloc$CreateDuplicateEventHandlePriorityabort
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1142088241-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Handle$Close$InformationObjectSingleWait
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 135186658-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CurrentThreadprintf
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2356641437-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: exitfprintf
                                                                                                                                                                                                                  • String ID: (
                                                                                                                                                                                                                  • API String ID: 4243785698-3887548279
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?,008C6694,?,008C2475), ref: 008BED87
                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(008C6694,?,?,?,?,?,?,00000000,?,008C6694,?,008C2475), ref: 008BEE08
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3168844106-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,008C7796), ref: 008BEE76
                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,008C7796), ref: 008BEEC1
                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,008C7796), ref: 008BEEE2
                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,008C7796), ref: 008BEEF8
                                                                                                                                                                                                                    • Part of subcall function 008BEB6F: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,00000001,?,?,008BEF8E), ref: 008BEB8C
                                                                                                                                                                                                                    • Part of subcall function 008BEB6F: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,008BEF8E), ref: 008BEBA0
                                                                                                                                                                                                                    • Part of subcall function 008BEB6F: EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000001,?,?,008BEF8E), ref: 008BEBC9
                                                                                                                                                                                                                    • Part of subcall function 008BEB6F: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,?,?,008BEF8E), ref: 008BEBD9
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CriticalSection$Leave$Enter
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2978645861-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,00000001,?,?,008BEF8E), ref: 008BEB8C
                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,?,008BEF8E), ref: 008BEBA0
                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000001,?,?,008BEF8E), ref: 008BEBC9
                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,?,?,008BEF8E), ref: 008BEBD9
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3168844106-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(00000000,?,?,008BD1EF,?,?,00000000,?,?,?,008BD99A), ref: 008BD106
                                                                                                                                                                                                                  • InitializeCriticalSection.KERNEL32(00000000,?,?,008BD1EF,?,?,00000000,?,?,?,008BD99A), ref: 008BD12F
                                                                                                                                                                                                                  • InitializeCriticalSection.KERNEL32(?,?,008BD1EF,?,?,00000000,?,?,?,008BD99A), ref: 008BD139
                                                                                                                                                                                                                  • Sleep.KERNEL32(00000000,?,?,008BD1EF,?,?,00000000,?,?,?,008BD99A), ref: 008BD16A
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CriticalSection$Initialize$EnterSleep
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1117354567-0
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?,?,?,008B7409,?,?,?,?,008B6BD0), ref: 008B723F
                                                                                                                                                                                                                  • TlsGetValue.KERNEL32(?,?,?,?,008B7409,?,?,?,?,008B6BD0), ref: 008B7255
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,008B7409,?,?,?,?,008B6BD0), ref: 008B725E
                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,008B7409,?,?,?,?,008B6BD0), ref: 008B7280
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.1983991856.00000000008B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1983979746.00000000008B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984045343.000000000092C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984095471.000000000092E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984119797.000000000093A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  • Associated: 00000000.00000002.1984133777.000000000093D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_8b0000_FXdg37pY22.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CriticalSection$EnterErrorLastLeaveValue
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 682475483-0