Windows Analysis Report
Leside-.exe

Overview

General Information

Sample name: Leside-.exe
Analysis ID: 1581494
MD5: 54bb85bce47c855c509a16b32970c38b
SHA1: 23c1819fbc72cf7d645c036324d85208df6c77f3
SHA256: 3ccd2f2337a264971fed13bf7b3e4ca076afde84ba7b6c681f467b5021c0923e
Tags: exe, user-aachum

Detection

LummaC
Score: 100 (range: 0 - 100)
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
.NET source code contains very large array initializations
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
LummaC encrypted strings found
Machine Learning detection for dropped file
Machine Learning detection for sample
Sample uses string decryption to hide its real strings
Writes to foreign memory regions
Allocates memory with a write watch (potentially for evading sandboxes)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Leside-.exe (PID: 2120 cmdline: "C:\Users\user\Desktop\Leside-.exe" MD5: 54BB85BCE47C855C509A16B32970C38B)
    • conhost.exe (PID: 2492 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • aspnet_regiis.exe (PID: 480 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe" MD5: 5D1D74198D75640E889F0A577BBF31FC)
  • cleanup
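The tree above shows Leside-.exe spawning aspnet_regiis.exe with no arguments, and the signature list attributes the injection ("creates a process in suspended mode", "injects a PE file into a foreign process", "writes to foreign memory regions") to that child. What follows is an added detection example written for this page, not Joe Sandbox code: it runs that logic over constructed Sysmon-style process-create and network-connect events modelled on the tree. The trusted-parent directories, the extra target binaries beyond aspnet_regiis.exe, the explorer.exe parent and the benign msiexec control event are assumptions, not taken from the report.

```python
"""Flag a .NET-framework helper (aspnet_regiis.exe) launched with no
arguments by a binary in a user directory and then making outbound
connections, i.e. the hollowing pattern this report's process tree shows.
Added example, not Joe Sandbox code. Events are constructed to mirror the
report's tree (PIDs, paths, command lines) plus a benign control."""
from __future__ import annotations

from dataclasses import dataclass, field
import ntpath

# Binaries commonly chosen as hollowing targets. aspnet_regiis.exe is the
# one this report shows; the others are an assumption added for coverage.
INJECTION_TARGETS = {
    "aspnet_regiis.exe", "regasm.exe", "regsvcs.exe", "installutil.exe", "msbuild.exe",
}
# Parents under these directories (installers, IIS/.NET setup) are treated
# as expected. Assumption: tune per environment.
TRUSTED_PARENT_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Event:
    """Subset of Sysmon fields: event_id 1 = process create, 3 = network connect."""
    event_id: int
    pid: int
    image: str
    parent_image: str = ""
    command_line: str = ""
    dest_host: str = ""
    dest_port: int = 0


@dataclass
class Finding:
    pid: int
    image: str
    reasons: list[str] = field(default_factory=list)


def has_arguments(command_line: str) -> bool:
    """True if anything follows the (possibly quoted) image path."""
    cl = command_line.strip()
    if cl.startswith('"'):
        end = cl.find('"', 1)
        rest = cl[end + 1:] if end != -1 else ""
    else:
        rest = cl.split(None, 1)[1] if " " in cl else ""
    return rest.strip() != ""


def analyse(events: list[Event]) -> list[Finding]:
    """Flag injection-target launches that look wrong, then attach any
    network connections those PIDs make (the C2/exfil evidence)."""
    findings: dict[int, Finding] = {}
    for ev in events:
        if ev.event_id != 1 or ntpath.basename(ev.image).lower() not in INJECTION_TARGETS:
            continue
        reasons = []
        if not has_arguments(ev.command_line):
            reasons.append("launched without arguments")
        if not ev.parent_image.lower().startswith(TRUSTED_PARENT_DIRS):
            reasons.append(f"unexpected parent {ev.parent_image}")
        if reasons:
            findings[ev.pid] = Finding(ev.pid, ev.image, reasons)
    for ev in events:
        if ev.event_id == 3 and ev.pid in findings:
            findings[ev.pid].reasons.append(f"network connection to {ev.dest_host}:{ev.dest_port}")
    return list(findings.values())


ASPNET = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
SAMPLE_EVENTS = [  # constructed, modelled on the report's process tree
    Event(1, 2120, r"C:\Users\user\Desktop\Leside-.exe", r"C:\Windows\explorer.exe",
          r'"C:\Users\user\Desktop\Leside-.exe"'),                      # parent is an assumption
    Event(1, 480, ASPNET, r"C:\Users\user\Desktop\Leside-.exe", f'"{ASPNET}"'),
    Event(3, 480, ASPNET, dest_host="steamcommunity.com", dest_port=443),
    Event(3, 480, ASPNET, dest_host="lev-tolstoi.com", dest_port=443),
    # benign control: IIS registration run by an installer, with arguments
    Event(1, 5000, ASPNET, r"C:\Windows\System32\msiexec.exe", f'"{ASPNET}" -iru'),
]

if __name__ == "__main__":
    for f in analyse(SAMPLE_EVENTS):
        print(f"PID {f.pid} {f.image}: " + "; ".join(f.reasons))
```

The argument check matters because aspnet_regiis.exe has no useful argument-less mode; a legitimate run carries a switch such as -iru, so an empty command line from a user-writable parent is the signal, and the later network connections from the same PID turn a suspicious launch into a confirmed one.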
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Blogpost URLs: (none listed)
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["ingreem-eilish.biz", "scentniej.buzz", "screwamusresz.buzz", "hummskitnj.buzz", "rebuildeso.buzz", "appliacnesot.buzz", "inherineau.buzz", "cashfuzysao.buzz", "prisonyfork.buzz"], "Build id": "HpOoIh--c8a131f8922d"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
decrypted.binstr | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
      No Sigma rule has matched
      Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
      2024-12-27T22:29:58.577963+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49730 | 92.122.104.90 | 443 | TCP
      2024-12-27T22:30:01.088185+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49731 | 104.21.66.86 | 443 | TCP
      2024-12-27T22:30:02.792004+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49732 | 104.21.66.86 | 443 | TCP
      2024-12-27T22:30:01.877190+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 104.21.66.86 | 443 | TCP
      2024-12-27T22:30:01.877190+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 104.21.66.86 | 443 | TCP
      2024-12-27T22:29:59.375510+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49730 | 92.122.104.90 | 443 | TCP

      AV Detection

      Source: https://lev-tolstoi.com/apip | Avira URL Cloud: Label: malware
      Source: https://lev-tolstoi.com/apiQqrB | Avira URL Cloud: Label: malware
      Source: https://lev-tolstoi.com// | Avira URL Cloud: Label: malware
      Source: Leside-.exe | Malware Configuration Extractor: LummaC {"C2 url": ["ingreem-eilish.biz", "scentniej.buzz", "screwamusresz.buzz", "hummskitnj.buzz", "rebuildeso.buzz", "appliacnesot.buzz", "inherineau.buzz", "cashfuzysao.buzz", "prisonyfork.buzz"], "Build id": "HpOoIh--c8a131f8922d"}
      Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
      Source: C:\Users\user\AppData\Roaming\gdi32.dll | Joe Sandbox ML: detected
      Source: Leside-.exe | Joe Sandbox ML: detected
      Source: Leside-.exe | String decryptor: hummskitnj.buzz
      Source: Leside-.exe | String decryptor: cashfuzysao.buzz
      Source: Leside-.exe | String decryptor: appliacnesot.buzz
      Source: Leside-.exe | String decryptor: screwamusresz.buzz
      Source: Leside-.exe | String decryptor: inherineau.buzz
      Source: Leside-.exe | String decryptor: scentniej.buzz
      Source: Leside-.exe | String decryptor: rebuildeso.buzz
      Source: Leside-.exe | String decryptor: prisonyfork.buzz
      Source: Leside-.exe | String decryptor: ingreem-eilish.biz
      Source: Leside-.exe | String decryptor: lid=%s&j=%s&ver=4.0
      Source: Leside-.exe | String decryptor: TeslaBrowser/5.5
      Source: Leside-.exe | String decryptor: - Screen Resoluton:
      Source: Leside-.exe | String decryptor: - Physical Installed Memory:
      Source: Leside-.exe | String decryptor: Workgroup: -
      Source: Leside-.exe | String decryptor: HpOoIh--c8a131f8922d
      Source: Leside-.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: unknown | HTTPS traffic detected: 92.122.104.90:443 -> 192.168.2.4:49730 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.4:49731 version: TLS 1.2
      Source: Leside-.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE40B60 FindFirstFileExW, 0_2_6CE40B60
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then lea esi, dword ptr [eax+00000270h] | 2_2_72C48A50
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov edx, ebx | 2_2_72C48600
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov ebx, dword ptr [edi+04h] | 2_2_72C6AAC0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then cmp dword ptr [ecx+ebx*8], 385488F2h | 2_2_72C7CA40
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov word ptr [eax], cx | 2_2_72C61A10
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then movzx ebx, byte ptr [edx] | 2_2_72C76210
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then dec edx | 2_2_72C7FA20
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h] | 2_2_72C473D0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then movzx ecx, word ptr [edi+esi*4] | 2_2_72C473D0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h | 2_2_72C683D8
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax-6E2DD57Fh] | 2_2_72C5EB80
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+0Ah] | 2_2_72C4AB40
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h | 2_2_72C80340
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov byte ptr [ebx], al | 2_2_72C6D34A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov ecx, eax | 2_2_72C5C300
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov edx, ecx | 2_2_72C58B15
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then dec edx | 2_2_72C7FB10
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then dec edx | 2_2_72C7FB2A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then dec edx | 2_2_72C7FB28
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov esi, ecx | 2_2_72C690D0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov byte ptr [ebx], al | 2_2_72C6E0DA
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov ecx, eax | 2_2_72C5D8D8
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov ecx, eax | 2_2_72C5D8D8
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov byte ptr [ebx], al | 2_2_72C6C0E6
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov edx, ecx | 2_2_72C5B8F6
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov edx, ecx | 2_2_72C5B8F6
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov byte ptr [ebx], al | 2_2_72C6C09E
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov eax, ebx | 2_2_72C5C8A0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then movzx esi, byte ptr [esp+eax-000000BEh] | 2_2_72C5C8A0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then movzx ebx, byte ptr [esp+edx+0Ah] | 2_2_72C5C8A0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax-2E3D7ACEh] | 2_2_72C5C8A0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov ecx, eax | 2_2_72C5D8AC
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov ecx, eax | 2_2_72C5D8AC
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov byte ptr [edi], al | 2_2_72C6C850
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then push esi | 2_2_72C4C805
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h | 2_2_72C62830
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then movzx esi, byte ptr [esp+ecx+04h] | 2_2_72C7C830
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h | 2_2_72C681CC
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h | 2_2_72C689E9
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov byte ptr [edi], al | 2_2_72C6B980
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], 385488F2h | 2_2_72C7C990
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then jmp edx | 2_2_72C639B9
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then movzx ecx, byte ptr [edx+eax] | 2_2_72C639B9
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov byte ptr [ebx], al | 2_2_72C6C09E
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-16h] | 2_2_72C81160
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov eax, dword ptr [72C86130h] | 2_2_72C58169
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h | 2_2_72C6B170
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov ecx, eax | 2_2_72C6D17D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov ecx, eax | 2_2_72C6D116
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax-16h] | 2_2_72C806F0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov edx, ecx | 2_2_72C69E80
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then movzx eax, byte ptr [ebp+edi+00000090h] | 2_2_72C42EB0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov ecx, eax | 2_2_72C62E6D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then jmp edx | 2_2_72C62E6D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then movzx ecx, byte ptr [edx+eax] | 2_2_72C62E6D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov byte ptr [ebx], al | 2_2_72C6DE07
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then dec edx | 2_2_72C7FE00
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then jmp edx | 2_2_72C637D6
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov dword ptr [esp+20h], eax | 2_2_72C49780
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax+20h] | 2_2_72C67740
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov word ptr [eax], cx | 2_2_72C56F52
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov ecx, eax | 2_2_72C6BF13
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov edi, dword ptr [esp+28h] | 2_2_72C65F1B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax-16h] | 2_2_72C81720
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then jmp eax | 2_2_72C69739
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h | 2_2_72C54CA0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov eax, ebx | 2_2_72C67440
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax+09AD4080h] | 2_2_72C67440
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then movzx edx, byte ptr [eax+edi-74D5A7FEh] | 2_2_72C6C465
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov byte ptr [ebx], al | 2_2_72C6C465
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov word ptr [eax], cx | 2_2_72C5747D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov word ptr [edx], di | 2_2_72C5747D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov edi, dword ptr [esi+30h] | 2_2_72C4CC7A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then movzx esi, byte ptr [ebp+eax-46h] | 2_2_72C7EDC1
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh | 2_2_72C7CDF0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then movzx esi, byte ptr [esp+ecx-3ECB279Fh] | 2_2_72C7CDF0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh | 2_2_72C7CDF0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 7F7BECC6h | 2_2_72C7CDF0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov byte ptr [ebx], al | 2_2_72C6DDFF
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov edi, ecx | 2_2_72C6A5B6
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then dec edx | 2_2_72C7FD70
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then movzx ecx, byte ptr [esi+eax+61765397h] | 2_2_72C5B57D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then movzx edx, byte ptr [esp+ecx-16h] | 2_2_72C80D20
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then mov edx, ecx | 2_2_72C66D2E
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h | 2_2_72C68528

      Networking

      Source: Network traffic | Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:49730 -> 92.122.104.90:443
      Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49731 -> 104.21.66.86:443
      Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49731 -> 104.21.66.86:443
      Source: Malware configuration extractor | URLs: ingreem-eilish.biz
      Source: Malware configuration extractor | URLs: scentniej.buzz
      Source: Malware configuration extractor | URLs: screwamusresz.buzz
      Source: Malware configuration extractor | URLs: hummskitnj.buzz
      Source: Malware configuration extractor | URLs: rebuildeso.buzz
      Source: Malware configuration extractor | URLs: appliacnesot.buzz
      Source: Malware configuration extractor | URLs: inherineau.buzz
      Source: Malware configuration extractor | URLs: cashfuzysao.buzz
      Source: Malware configuration extractor | URLs: prisonyfork.buzz
      Source: Joe Sandbox View | IP Address: 104.21.66.86
      Source: Joe Sandbox View | IP Address: 92.122.104.90
      Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
      Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49731 -> 104.21.66.86:443
      Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49732 -> 104.21.66.86:443
      Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49730 -> 92.122.104.90:443
      Source: global traffic | HTTP traffic detected:
          GET /profiles/76561199724331900 HTTP/1.1
          Connection: Keep-Alive
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
          Host: steamcommunity.com
      Source: global traffic | HTTP traffic detected:
          POST /api HTTP/1.1
          Connection: Keep-Alive
          Content-Type: application/x-www-form-urlencoded
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
          Content-Length: 8
          Host: lev-tolstoi.com
      Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (11 occurrences)
      Source: aspnet_regiis.exe, 00000002.00000002.1739605444.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729032076.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1738368582.0000000003624000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: .google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ htt` equals www.youtube.com (Youtube)
      Source: aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
      Source: aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcast equals www.youtube.com (Youtube)
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: chat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: chat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=4b81e9edead33889589ee890; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type35121Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveFri, 27 Dec 2024 21:29:59 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control% equals www.youtube.com (Youtube)
      Source: aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcast equals www.youtube.com (Youtube)
      Source: aspnet_regiis.exe, 00000002.00000002.1739605444.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729032076.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1738368582.0000000003624000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: om/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://play equals www.youtube.com (Youtube)
      Source: aspnet_regiis.exe, 00000002.00000002.1739605444.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729032076.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1738368582.0000000003624000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: s://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-sr equals www.youtube.com (Youtube)
      Source: global traffic | DNS traffic detected: DNS query: ingreem-eilish.biz
      Source: global traffic | DNS traffic detected: DNS query: prisonyfork.buzz
      Source: global traffic | DNS traffic detected: DNS query: rebuildeso.buzz
      Source: global traffic | DNS traffic detected: DNS query: scentniej.buzz
      Source: global traffic | DNS traffic detected: DNS query: inherineau.buzz
      Source: global traffic | DNS traffic detected: DNS query: screwamusresz.buzz
      Source: global traffic | DNS traffic detected: DNS query: appliacnesot.buzz
      Source: global traffic | DNS traffic detected: DNS query: cashfuzysao.buzz
      Source: global traffic | DNS traffic detected: DNS query: hummskitnj.buzz
      Source: global traffic | DNS traffic detected: DNS query: steamcommunity.com
      Source: global traffic | DNS traffic detected: DNS query: lev-tolstoi.com
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1738368582.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729150438.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739196469.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:27060
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739120749.00000000035C7000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1739527863.00000000035C7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739120749.00000000035C7000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1739527863.00000000035C7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/privacy_agreement/
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739120749.00000000035C7000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1739527863.00000000035C7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
      Source: aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
      Source: aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729032076.00000000035C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
      Source: aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
      Source: aspnet_regiis.exe, 00000002.00000002.1739605444.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729032076.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1738368582.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729150438.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739196469.0000000003624000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.fastly.
      Source: aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
      Source: aspnet_regiis.exe, 00000002.00000002.1739605444.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729032076.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1738368582.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729150438.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739196469.0000000003624000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampow
      Source: aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
      Source: aspnet_regiis.exe, 00000002.00000002.1739605444.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729032076.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1738368582.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729150438.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739196469.0000000003624000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstat
      Source: aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739120749.00000000035C7000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1739527863.00000000035C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729032076.00000000035C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739120749.00000000035C7000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1739527863.00000000035C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729032076.00000000035C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729032076.00000000035C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729032076.00000000035C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=oOCAGrkRfpQ6&l=e
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
      Source: aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
      Source: aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
      Source: aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
      Source: aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
      Source: aspnet_regiis.exe, 00000002.00000002.1739605444.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729032076.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1738368582.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729150438.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739196469.0000000003624000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.stP
      Source: aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
      Source: aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
      Source: aspnet_regiis.exe, 00000002.00000003.1738790297.00000000035E9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1738368582.0000000003615000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739196469.0000000003615000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729150438.00000000035E9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1738368582.00000000035E7000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1739593291.00000000035EA000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1739605444.0000000003615000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/
      Source: aspnet_regiis.exe, 00000002.00000003.1729032076.00000000035E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com//
      Source: aspnet_regiis.exe, 00000002.00000003.1738790297.00000000035E9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1739605444.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739196469.00000000035F1000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729032076.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1739605444.00000000035F2000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1738368582.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729150438.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1738368582.00000000035E7000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739196469.0000000003624000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/api
      Source: aspnet_regiis.exe, 00000002.00000003.1729032076.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729150438.0000000003624000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apiQqrB
      Source: aspnet_regiis.exe, 00000002.00000002.1739605444.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1738368582.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739196469.0000000003624000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apip
      Source: aspnet_regiis.exe, 00000002.00000003.1729032076.00000000035D1000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1738368582.00000000035D1000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1739552128.00000000035D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/pi
      Source: aspnet_regiis.exe, 00000002.00000003.1739196469.0000000003624000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steamp
      Source: aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
      Source: aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729150438.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
      Source: aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729150438.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://recaptcha.net/recaptcha/;
      Source: aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://s.ytimg.com;
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1738368582.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729150438.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739196469.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sketchfab.com
      Source: aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steam.tv/
      Source: aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcast-test.akamaized.net
      Source: aspnet_regiis.exe, 00000002.00000002.1739605444.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729032076.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1738368582.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729150438.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739196469.0000000003624000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcast-test.akamaizedp
      Source: aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcast.akamaized.net
      Source: aspnet_regiis.exe, 00000002.00000002.1739605444.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729032076.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1738368582.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729150438.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739196469.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcastchat.akamaized.net
      Source: aspnet_regiis.exe, 00000002.00000002.1739605444.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729032076.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1738368582.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729150438.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739196469.0000000003624000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com
      Source: aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/
      Source: aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
      Source: aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/discussions/
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739120749.00000000035C7000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1739527863.00000000035C7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
      Source: aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/lstu
      Source: aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/market/
      Source: aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/my/wishlist/
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729032076.00000000035C9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739120749.00000000035C7000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1739527863.00000000035C7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
      Source: aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/workshop/
      Source: aspnet_regiis.exe, 00000002.00000002.1739605444.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729032076.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1738368582.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729150438.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739196469.0000000003624000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com
      Source: aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/;
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/about/
      Source: aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/explore/
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739120749.00000000035C7000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1739527863.00000000035C7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/legal/
      Source: aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/mobile
      Source: aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/news/
      Source: aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/points/shop/
      Source: aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/privacy_agreement/
      Source: aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/stats/
      Source: aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/steam_refunds/
      Source: aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1738368582.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729150438.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739196469.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com
      Source: aspnet_regiis.exe, 00000002.00000002.1739605444.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729032076.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1738368582.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729150438.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739196469.0000000003624000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/recaptc
      Source: aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/recaptcha/
      Source: aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.cn/recaptcha/
      Source: aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.com/recaptcha/
      Source: aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
      Source: aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1738368582.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729150438.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739196469.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com
      Source: aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/
      Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49732
      Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49731
      Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49730
      Source: unknown | Network traffic detected: HTTP traffic on port 49731 -> 443
      Source: unknown | Network traffic detected: HTTP traffic on port 49732 -> 443
      Source: unknown | Network traffic detected: HTTP traffic on port 49730 -> 443
      Source: unknown | HTTPS traffic detected: 92.122.104.90:443 -> 192.168.2.4:49730 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.4:49731 version: TLS 1.2
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C73E30 OpenClipboard,GetClipboardData,GlobalLock,GetWindowLongW,GlobalUnlock,CloseClipboard
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C748C2 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt

      System Summary

      Source: Leside-.exe, GetWin.cs | Large array initialization: GetWindowsOS: array initializer size 639488
      Source: C:\Users\user\Desktop\Leside-.exe | Memory allocated: 72C40000 page execute and read and write
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE143C0 WindowsHandle,GetConsoleWindow,ShowWindow,VirtualAlloc,CreateProcessW,NtGetContextThread,NtAllocateVirtualMemory,NtAllocateVirtualMemory,NtWriteVirtualMemory,NtWriteVirtualMemory,NtWriteVirtualMemory,NtReadVirtualMemory,NtWriteVirtualMemory,NtWriteVirtualMemory,NtCreateThreadEx,NtSetContextThread,NtResumeThread,CloseHandle,CloseHandle,VirtualAlloc,NtAllocateVirtualMemory,NtReadVirtualMemory,NtWriteVirtualMemory,NtSetContextThread,NtResumeThread,CloseHandle,NtWriteVirtualMemory,NtCreateThreadEx,NtSetContextThread,NtResumeThread
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE12B10 GetModuleHandleW,NtQueryInformationProcess,GetModuleHandleW,GetModuleHandleW
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE0D910
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE143C0
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE12B10
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE22CC0
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE2C0A0
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE1F470
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE10440
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE2C440
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE14050
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE2B450
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE37C50
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE01020
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE39420
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE31C00
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE2CC10
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE231C0
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE20DB0
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE2A9B0
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE38580
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE32D80
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE20190
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE21190
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE1F970
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE25540
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE3B540
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE33150
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE21920
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE22920
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE26D00
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE1FEF0
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE38EF0
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE2A2D0
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE1EAB0
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE2FA80
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE28A80
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE0C260
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE24660
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE38260
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE2F650
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE46A51
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE27620
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE1CE10
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE2D610
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE283E0
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE2BBF0
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE31FF0
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE3A3F0
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE1E3B0
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE24BB0
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE237B0
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE2EBB0
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE26780
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE33F80
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE29F90
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE24F60
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE0D370
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE37740
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE1C350
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE1D750
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE35F50
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE2AF30
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C4B100
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C48600
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C59AD0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C642D0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C79280
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C79A80
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C68ABC
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C7CA40
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C75A4F
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C7DA4D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C44270
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C51227
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C5E220
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C7FA20
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C4F3C0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C473D0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C683D8
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C5EB80
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C44BA0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C4AB40
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C61340
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C6D34A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C6F377
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C58B15
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C49310
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C7FB10
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C7FB2A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C7FB28
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C438C0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C6A0CA
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C738D0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C6C0E6
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C560E9
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C5B8F6
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C6C09E
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C5C8A0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C788B0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C4C840
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C5D003
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C4D021
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C4D83C
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C681CC
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C809E0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C6C9EB
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C6E180
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C7F18B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C691AE
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C639B9
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C46160
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C5E960
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C58169
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C45900
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C66910
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C646D0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C806F0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C4E687
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C78EA0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C42EB0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C5AEB0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C4CE45
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C78650
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C6EE63
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C60E6C
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C62E6D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C6FE74
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C7FE00
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C4F60D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C5961B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C5E630
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C557C0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C49780
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C67740
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C52750
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C5DF50
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C56F52
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C65F1B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C69739
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C604C6
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C624E0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C4D4F3
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C71CF0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C54CA0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C67440
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C7A440
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C80460
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C5747D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C73C10
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C7A5D4
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C465F0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C7CDF0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C7C5A0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C77DA9
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C6CD4C
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C6CD5E
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C64560
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C7FD70
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C61D00
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C80D20
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 2_2_72C66D2E2_2_72C66D2E
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 2_2_72C51D2B2_2_72C51D2B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 2_2_72C79D302_2_72C79D30
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: 2_2_72C6C53C2_2_72C6C53C
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: String function: 72C54C90 appears 77 times
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exeCode function: String function: 72C47F60 appears 40 times
      Source: Leside-.exe, 00000000.00000000.1652383379.00000000008D2000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameNathanPatrickNathan.exeZHET vs Leside-.exe
      Source: Leside-.exe, 00000000.00000002.1657817197.0000000000DDE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs Leside-.exe
      Source: Leside-.exe | Binary or memory string: OriginalFilenameNathanPatrickNathan.exeZHET vs Leside-.exe
      Source: Leside-.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: classification engine | Classification label: mal100.troj.evad.winEXE@4/2@11/2
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C79280 RtlExpandEnvironmentStrings,CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString
      Source: C:\Users\user\Desktop\Leside-.exe | File created: C:\Users\user\AppData\Roaming\gdi32.dll
      Source: C:\Users\user\Desktop\Leside-.exe | Mutant created: NULL
      Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2492:120:WilError_03
      Source: Leside-.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: Leside-.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
      Source: C:\Users\user\Desktop\Leside-.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: unknown | Process created: C:\Users\user\Desktop\Leside-.exe "C:\Users\user\Desktop\Leside-.exe"
      Source: C:\Users\user\Desktop\Leside-.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\Desktop\Leside-.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe" (listed twice in the report)
      Source: C:\Users\user\Desktop\Leside-.exe | Section loaded: mscoree.dll
      Source: C:\Users\user\Desktop\Leside-.exe | Section loaded: apphelp.dll
      Source: C:\Users\user\Desktop\Leside-.exe | Section loaded: kernel.appcore.dll
      Source: C:\Users\user\Desktop\Leside-.exe | Section loaded: version.dll
      Source: C:\Users\user\Desktop\Leside-.exe | Section loaded: vcruntime140_clr0400.dll
      Source: C:\Users\user\Desktop\Leside-.exe | Section loaded: ucrtbase_clr0400.dll
      Source: C:\Users\user\Desktop\Leside-.exe | Section loaded: windows.storage.dll
      Source: C:\Users\user\Desktop\Leside-.exe | Section loaded: wldp.dll
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: windows.storage.dll
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: wldp.dll
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: winhttp.dll
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: ondemandconnroutehelper.dll
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: webio.dll
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: mswsock.dll
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: iphlpapi.dll
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: winnsi.dll
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: sspicli.dll
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: dnsapi.dll
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: rasadhlp.dll
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: ondemandconnroutehelper.dll (8 consecutive identical entries)
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: fwpuclnt.dll
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: schannel.dll
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: mskeyprotect.dll
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: ntasn1.dll
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: ncrypt.dll
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: ncryptsslp.dll
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: msasn1.dll
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: cryptsp.dll
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: rsaenh.dll
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: cryptbase.dll
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: gpapi.dll
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: dpapi.dll
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: ondemandconnroutehelper.dll
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: kernel.appcore.dll
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: uxtheme.dll
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Section loaded: ondemandconnroutehelper.dll
      Source: Leside-.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
      Source: Leside-.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C5B324 push F3B972C8h; retf 2_2_72C5B32A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C77069 push es; retf 2_2_72C77074
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C7C990 push eax; mov dword ptr [esp], 5C5D5E5Fh 2_2_72C7C99E
      Source: Leside-.exe | Static PE information: section name: .text entropy: 7.114694614150449
      Source: C:\Users\user\Desktop\Leside-.exe | File created: C:\Users\user\AppData\Roaming\gdi32.dll (dropped file)
      Source: C:\Users\user\Desktop\Leside-.exe | Process information set: NOOPENFILEERRORBOX (14 identical entries)
      Source: C:\Users\user\Desktop\Leside-.exe | Memory allocated: 2AF0000 memory reserve | memory write watch
      Source: C:\Users\user\Desktop\Leside-.exe | Memory allocated: 2D10000 memory reserve | memory write watch
      Source: C:\Users\user\Desktop\Leside-.exe | Memory allocated: 2B50000 memory reserve | memory write watch
      Source: C:\Users\user\Desktop\Leside-.exe | Thread delayed: delay time: 922337203685477
      Source: C:\Users\user\Desktop\Leside-.exe TID: 3180 | Thread sleep time: -922337203685477s >= -30000s
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe TID: 2084 | Thread sleep time: -120000s >= -30000s
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe TID: 2084 | Thread sleep time: -30000s >= -30000s
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE40B60 FindFirstFileExW
      Source: C:\Users\user\Desktop\Leside-.exe | Thread delayed: delay time: 922337203685477
      Source: aspnet_regiis.exe, 00000002.00000002.1739527863.00000000035C0000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739120749.00000000035BF000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739038911.00000000035BC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWX
      Source: aspnet_regiis.exe, 00000002.00000003.1738368582.0000000003615000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729032076.0000000003615000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739196469.0000000003615000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729150438.0000000003615000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1739605444.0000000003615000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWY
      Source: aspnet_regiis.exe, 00000002.00000003.1738368582.0000000003615000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729032076.0000000003615000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739196469.0000000003615000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729150438.0000000003615000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1739605444.0000000003615000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Code function: 2_2_72C7E110 LdrInitializeThunk
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE3C892 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter (listed twice in the report)
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE3F462 mov eax, dword ptr fs:[00000030h]
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE406A1 mov eax, dword ptr fs:[00000030h]
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE3ED7C IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE3C367 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
      Source: C:\Users\user\Desktop\Leside-.exe | Memory allocated: page read and write | page guard

      HIPS / PFW / Operating System Protection Evasion

      barindex
      Source: C:\Users\user\Desktop\Leside-.exe | Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 72C40000 protect: page execute and read and write
      Source: C:\Users\user\Desktop\Leside-.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 72C40000 value starts with: 4D5A
      Source: Leside-.exe, 00000000.00000000.1652312652.0000000000832000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: hummskitnj.buzz
      Source: Leside-.exe, 00000000.00000000.1652312652.0000000000832000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: cashfuzysao.buzz
      Source: Leside-.exe, 00000000.00000000.1652312652.0000000000832000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: appliacnesot.buzz
      Source: Leside-.exe, 00000000.00000000.1652312652.0000000000832000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: screwamusresz.buzz
      Source: Leside-.exe, 00000000.00000000.1652312652.0000000000832000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: inherineau.buzz
      Source: Leside-.exe, 00000000.00000000.1652312652.0000000000832000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: scentniej.buzz
      Source: Leside-.exe, 00000000.00000000.1652312652.0000000000832000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: rebuildeso.buzz
      Source: Leside-.exe, 00000000.00000000.1652312652.0000000000832000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: prisonyfork.buzz
      Source: C:\Users\user\Desktop\Leside-.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 72C40000
      Source: C:\Users\user\Desktop\Leside-.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 72C41000
      Source: C:\Users\user\Desktop\Leside-.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 72C82000
      Source: C:\Users\user\Desktop\Leside-.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 72C85000
      Source: C:\Users\user\Desktop\Leside-.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 72C93000
      Source: C:\Users\user\Desktop\Leside-.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 72C41000
      Source: C:\Users\user\Desktop\Leside-.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 72C82000
      Source: C:\Users\user\Desktop\Leside-.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 72C85000
      Source: C:\Users\user\Desktop\Leside-.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 72C93000
      Source: C:\Users\user\Desktop\Leside-.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe base: 313B008
      Source: C:\Users\user\Desktop\Leside-.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE3CA58 cpuid
      Source: C:\Users\user\Desktop\Leside-.exe | Queries volume information: C:\Users\user\Desktop\Leside-.exe VolumeInformation
      Source: C:\Users\user\Desktop\Leside-.exe | Code function: 0_2_6CE3C4DB GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

      Stealing of Sensitive Information

      barindex
      Source: Yara match | File source: sslproxydump.pcap, type: PCAP
      Source: Yara match | File source: decrypted.binstr, type: MEMORYSTR

      Remote Access Functionality

      barindex
      Source: Yara match | File source: sslproxydump.pcap, type: PCAP
      Source: Yara match | File source: decrypted.binstr, type: MEMORYSTR

      MITRE ATT&CK Matrix

      The matrix is listed here by tactic column. A number in parentheses after a technique is the count attached to that technique in the report's matrix; techniques without a number carry no count.

      Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
      Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
      Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
      Execution: PowerShell (1); Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
      Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
      Privilege Escalation: Process Injection (311); DLL Side-Loading (1); Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
      Defense Evasion: Masquerading (1); Disable or Modify Tools (1); Virtualization/Sandbox Evasion (31); Process Injection (311); Deobfuscate/Decode Files or Information (11); Obfuscated Files or Information (4); Software Packing (1); DLL Side-Loading (1)
      Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
      Discovery: System Time Discovery (1); Security Software Discovery (11); Virtualization/Sandbox Evasion (31); File and Directory Discovery (1); System Information Discovery (23); Wi-Fi Discovery; Remote System Discovery; System Owner/User Discovery
      Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
      Collection: Screen Capture (1); Archive Collected Data (1); Clipboard Data (2); Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
      Command and Control: Encrypted Channel (11); Ingress Tool Transfer (1); Non-Application Layer Protocol (3); Application Layer Protocol (114); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol
      Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
      Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement
      Antivirus detection (sample)

      Source | Detection | Scanner | Label
      Leside-.exe | 100% | Joe Sandbox ML |

      Antivirus detection (dropped file)

      Source | Detection | Scanner | Label
      C:\Users\user\AppData\Roaming\gdi32.dll | 100% | Joe Sandbox ML |

      No Antivirus matches
      No Antivirus matches

      Antivirus detection (URLs)

      Source | Detection | Scanner | Label
      ingreem-eilish.biz | 0% | Avira URL Cloud | safe
      https://lev-tolstoi.com/apip | 100% | Avira URL Cloud | malware
      https://login.steamp | 0% | Avira URL Cloud | safe
      https://checkout.steampow | 0% | Avira URL Cloud | safe
      https://help.stP | 0% | Avira URL Cloud | safe
      https://lev-tolstoi.com/apiQqrB | 100% | Avira URL Cloud | malware
      https://community.fastly.steamstat | 0% | Avira URL Cloud | safe
      https://cdn.fastly. | 0% | Avira URL Cloud | safe
      https://steambroadcast-test.akamaizedp | 0% | Avira URL Cloud | safe
      https://lev-tolstoi.com// | 100% | Avira URL Cloud | malware
      Contacted domains

      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      steamcommunity.com | 92.122.104.90 | true | false | | high
      lev-tolstoi.com | 104.21.66.86 | true | false | | high
      cashfuzysao.buzz | unknown | unknown | true | | unknown
      scentniej.buzz | unknown | unknown | true | | unknown
      inherineau.buzz | unknown | unknown | true | | unknown
      prisonyfork.buzz | unknown | unknown | true | | unknown
      ingreem-eilish.biz | unknown | unknown | true | | unknown
      rebuildeso.buzz | unknown | unknown | true | | unknown
      appliacnesot.buzz | unknown | unknown | true | | unknown
      hummskitnj.buzz | unknown | unknown | true | | unknown
      screwamusresz.buzz | unknown | unknown | true | | unknown

      Contacted URLs

      Name | Malicious | Antivirus Detection | Reputation
      scentniej.buzz | false | | high
      https://steamcommunity.com/profiles/76561199724331900 | false | | high
      rebuildeso.buzz | false | | high
      appliacnesot.buzz | false | | high
      screwamusresz.buzz | false | | high
      cashfuzysao.buzz | false | | high
      inherineau.buzz | false | | high
      https://lev-tolstoi.com/api | false | | high
      hummskitnj.buzz | false | | high
      prisonyfork.buzz | false | | high
      ingreem-eilish.biz | true | Avira URL Cloud: safe | unknown
                                                                      high
                                                                      https://www.google.comaspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1738368582.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729150438.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739196469.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedbackaspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729032076.00000000035C9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=englaspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englisaspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbCaspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://s.ytimg.com;aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRiaspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729032076.00000000035C9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739120749.00000000035C7000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1739527863.00000000035C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://community.fastly.steamstatic.com/aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://steam.tv/aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=enaspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://lev-tolstoi.com/aspnet_regiis.exe, 00000002.00000003.1738790297.00000000035E9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1738368582.0000000003615000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739196469.0000000003615000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729150438.00000000035E9000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1738368582.00000000035E7000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1739593291.00000000035EA000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1739605444.0000000003615000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://store.steampowered.com/privacy_agreement/aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739120749.00000000035C7000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1739527863.00000000035C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://store.steampowered.com/points/shop/aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&aaspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://sketchfab.comaspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1738368582.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729150438.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739196469.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://lv.queniujq.cnaspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://steamcommunity.com/profiles/76561199724331900/inventory/aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739120749.00000000035C7000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1739527863.00000000035C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://www.youtube.com/aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://store.steampowered.com/privacy_agreement/aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=engaspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&amaspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://www.google.com/recaptcha/aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://checkout.steampowered.com/aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://store.steampowered.com/;aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://store.steampowered.com/about/aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://steamcommunity.com/my/wishlist/aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://lev-tolstoi.com/apiQqrBaspnet_regiis.exe, 00000002.00000003.1729032076.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729150438.0000000003624000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  • Avira URL Cloud: malware
                                                                                                                                  unknown
                                                                                                                                  https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://checkout.steampowaspnet_regiis.exe, 00000002.00000002.1739605444.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729032076.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1738368582.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729150438.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739196469.0000000003624000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    unknown
                                                                                                                                    https://help.steampowered.com/en/aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://steamcommunity.com/market/aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://store.steampowered.com/news/aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://lev-tolstoi.com/apipaspnet_regiis.exe, 00000002.00000002.1739605444.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1738368582.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739196469.0000000003624000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                          unknown
                                                                                                                                          http://store.steampowered.com/subscriber_agreement/aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739120749.00000000035C7000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1739527863.00000000035C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgaspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739120749.00000000035C7000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1739527863.00000000035C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://recaptcha.net/recaptcha/;aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729150438.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://login.steampaspnet_regiis.exe, 00000002.00000003.1739196469.0000000003624000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                unknown
                                                                                                                                                https://steamcommunity.com/discussions/aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
URL | Source | Malicious | Antivirus detection | Reputation
https://community.fastly.steamstat | aspnet_regiis.exe, 00000002.00000002.1739605444.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729032076.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1738368582.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729150438.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739196469.0000000003624000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://store.steampowered.com/stats/ | aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am | aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://medal.tv | aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729150438.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://broadcast.st.dl.eccdnx.com | aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png | aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a | aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://store.steampowered.com/steam_refunds/ | aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a | aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739120749.00000000035C7000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1739527863.00000000035C7000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900 | aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016 | aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e | aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://help.stP | aspnet_regiis.exe, 00000002.00000002.1739605444.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729032076.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1738368582.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729150438.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739196469.0000000003624000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://steamcommunity.com/workshop/ | aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://login.steampowered.com/ | aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb | aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c | aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://store.steampowered.com/legal/ | aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739120749.00000000035C7000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000002.1739527863.00000000035C7000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en | aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng | aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a | aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl | aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com/lstu | aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://lev-tolstoi.com// | aspnet_regiis.exe, 00000002.00000003.1729032076.00000000035E7000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
https://recaptcha.net | aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://store.steampowered.com/ | aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=oOCAGrkRfpQ6&l=e | aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com | aspnet_regiis.exe, 00000002.00000002.1739605444.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729032076.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1738368582.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729150438.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739196469.0000000003624000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png | aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://127.0.0.1:27060 | aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1738368582.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729150438.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739196469.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706150176.0000000003624000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg | aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729032076.00000000035C9000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif | aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729032076.00000000035C9000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steambroadcast-test.akamaizedp | aspnet_regiis.exe, 00000002.00000002.1739605444.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729032076.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1738368582.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729150438.0000000003624000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1739196469.0000000003624000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ | aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp | aspnet_regiis.exe, 00000002.00000003.1706112196.0000000003656000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729002687.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1729136674.0000000003662000.00000004.00000020.00020000.00000000.sdmp, aspnet_regiis.exe, 00000002.00000003.1706112196.000000000365C000.00000004.00000020.00020000.00000000.sdmp | false | | high
Legend (share of IPs per entry):
• No. of IPs < 25%
• 25% < No. of IPs < 50%
• 50% < No. of IPs < 75%
• 75% < No. of IPs

IP | Domain | Country | ASN | ASN Name | Malicious
104.21.66.86 | lev-tolstoi.com | United States | 13335 | CLOUDFLARENETUS | false
92.122.104.90 | steamcommunity.com | European Union | 16625 | AKAMAI-ASUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1581494
Start date and time: 2024-12-27 22:29:04 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 4s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 3
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Leside-.exe
Detection: MAL
Classification: mal100.troj.evad.winEXE@4/2@11/2
                                                                                                                                                                                                                EGA Information:
                                                                                                                                                                                                                • Successful, ratio: 100%
                                                                                                                                                                                                                HCA Information:
                                                                                                                                                                                                                • Successful, ratio: 97%
                                                                                                                                                                                                                • Number of executed functions: 20
                                                                                                                                                                                                                • Number of non-executed functions: 138
                                                                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                                                                • Found application associated with file extension: .exe
                                                                                                                                                                                                                • Stop behavior analysis, all processes terminated
                                                                                                                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                • VT rate limit hit for: Leside-.exe
Time | Type | Description
16:29:53 | API Interceptor | 11x Sleep call for process: aspnet_regiis.exe modified
                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                104.21.66.86MV ROCKET_PDA.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                • www.ayushigangwar.com/nqn4/?CJBlp=0Brh6Vr8UbBX&T2MpwT=59bmqUDXor7TXV4b71NCQ0d0nCVif23i1yH5+9ZmJc5hgCU7y+ZN9z0btTsWzGv6OrGw
                                                                                                                                                                                                                92.122.104.90file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, XmrigBrowse
                                                                                                                                                                                                                  UMrFwHyjUi.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                    file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                      file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                        SecuriteInfo.com.Win32.PWSX-gen.19404.14810.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                          http://sneamcomnnumnlty.com/fact/actual/getGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            https://u.to/xjPiIAGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              https://sueamcoommunnlty.com/geting/activeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                                                                                                  AD3SI7tuzs.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                    lev-tolstoi.comVq50tK1Nx2.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                    • 104.21.66.86
                                                                                                                                                                                                                                    IzDjbVdHha.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                    • 172.67.157.254
                                                                                                                                                                                                                                    T4qO1i2Jav.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                    • 172.67.157.254
                                                                                                                                                                                                                                    FXdg37pY22.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                    • 104.21.66.86
                                                                                                                                                                                                                                    k0ukcEH.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                    • 172.67.157.254
                                                                                                                                                                                                                                    pVbAZEFIpI.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                    • 172.67.157.254
                                                                                                                                                                                                                                    GxX48twWHA.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                    • 104.21.66.86
                                                                                                                                                                                                                                    ERTL09tA59.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                    • 104.21.66.86
                                                                                                                                                                                                                                    MaZjv5XeQi.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                    • 104.21.66.86
                                                                                                                                                                                                                                    jT7sgjdTea.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                    • 172.67.157.254
                                                                                                                                                                                                                                    steamcommunity.comSetup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • 104.121.10.34
                                                                                                                                                                                                                                    Setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • 23.55.153.106
                                                                                                                                                                                                                                    Vq50tK1Nx2.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                    • 104.121.10.34
                                                                                                                                                                                                                                    IzDjbVdHha.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                    • 104.121.10.34
                                                                                                                                                                                                                                    T4qO1i2Jav.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                    • 23.55.153.106
                                                                                                                                                                                                                                    FXdg37pY22.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                    • 23.55.153.106
                                                                                                                                                                                                                                    FXdg37pY22.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                    • 23.55.153.106
                                                                                                                                                                                                                                    k0ukcEH.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                    • 23.55.153.106
                                                                                                                                                                                                                                    8WRONDszv4.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, Stealc, zgRATBrowse
                                                                                                                                                                                                                                    • 23.55.153.106
                                                                                                                                                                                                                                    pVbAZEFIpI.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                    • 104.102.49.254
                                                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                    AKAMAI-ASUSSetup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • 104.121.10.34
                                                                                                                                                                                                                                    Vq50tK1Nx2.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                    • 104.121.10.34
                                                                                                                                                                                                                                    IzDjbVdHha.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                    • 104.121.10.34
                                                                                                                                                                                                                                    JA7cOAGHym.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                    • 23.57.90.162
                                                                                                                                                                                                                                    grand-theft-auto-5-theme-1-installer_qb8W-j1.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • 95.100.135.104
                                                                                                                                                                                                                                    db0fa4b8db0333367e9bda3ab68b8042.m68k.elfGet hashmaliciousMirai, GafgytBrowse
                                                                                                                                                                                                                                    • 104.73.204.126
                                                                                                                                                                                                                                    db0fa4b8db0333367e9bda3ab68b8042.spc.elfGet hashmaliciousMirai, GafgytBrowse
                                                                                                                                                                                                                                    • 104.120.124.62
                                                                                                                                                                                                                                    pVbAZEFIpI.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                    • 104.102.49.254
                                                                                                                                                                                                                                    GxX48twWHA.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                    • 104.102.49.254
                                                                                                                                                                                                                                    RUUSfr6dVm.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                    • 104.102.49.254
                                                                                                                                                                                                                                    CLOUDFLARENETUSsolara-executor.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • 172.67.75.163
                                                                                                                                                                                                                                    Setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • 104.21.2.114
                                                                                                                                                                                                                                    Setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • 104.21.2.114
                                                                                                                                                                                                                                    http://proxyium.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • 104.21.80.92
                                                                                                                                                                                                                                    https://cbhc9.anguatiab.ru/RpweC/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • 1.1.1.1
                                                                                                                                                                                                                                    setup.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • 172.67.148.171
                                                                                                                                                                                                                                    search.htaGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • 172.67.153.170
                                                                                                                                                                                                                                    http://bitstampweb.0532tg.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • 172.67.133.12
                                                                                                                                                                                                                                    https://fin.hiringplatform.ca/processes/197662-tax-legislation-officer-ec-06-ec-07?locale=enGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • 172.66.0.145
                                                                                                                                                                                                                                    SET_UP.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                    • 172.67.152.152
Match | Associated Sample Name / URL | Detection | Threat Name | Context
a0e9f5d64349fb13191bc781f81f42e1 | search.hta | malicious | Unknown | 104.21.66.86, 92.122.104.90
a0e9f5d64349fb13191bc781f81f42e1 | SET_UP.exe | malicious | LummaC | 104.21.66.86, 92.122.104.90
a0e9f5d64349fb13191bc781f81f42e1 | !Setup.exe | malicious | LummaC Stealer | 104.21.66.86, 92.122.104.90
a0e9f5d64349fb13191bc781f81f42e1 | @Setup.exe | malicious | LummaC | 104.21.66.86, 92.122.104.90
a0e9f5d64349fb13191bc781f81f42e1 | Full_Setup.exe | malicious | LummaC Stealer | 104.21.66.86, 92.122.104.90
a0e9f5d64349fb13191bc781f81f42e1 | Solara.exe | malicious | LummaC | 104.21.66.86, 92.122.104.90
a0e9f5d64349fb13191bc781f81f42e1 | 0x001f00000004676d-1858.exe | malicious | LummaC | 104.21.66.86, 92.122.104.90
a0e9f5d64349fb13191bc781f81f42e1 | eYAXkcBRfQ.exe | malicious | LummaC | 104.21.66.86, 92.122.104.90
a0e9f5d64349fb13191bc781f81f42e1 | JpzbUfhXi0.exe | malicious | LummaC | 104.21.66.86, 92.122.104.90
a0e9f5d64349fb13191bc781f81f42e1 | o0cabS0OQn.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc | 104.21.66.86, 92.122.104.90
No context

Process: C:\Users\user\Desktop\Leside-.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 42
Entropy (8bit): 4.0050635535766075
Encrypted: false
SSDEEP: 3:QHXMKa/xwwUy:Q3La/xwQ
MD5: 84CFDB4B995B1DBF543B26B86C863ADC
SHA1: D2F47764908BF30036CF8248B9FF5541E2711FA2
SHA-256: D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
SHA-512: 485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
Malicious: true
Reputation: high, very likely benign file
Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..
Process: C:\Users\user\Desktop\Leside-.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 639488
Entropy (8bit): 7.115559609311837
Encrypted: false
SSDEEP: 12288:3gF7Se1JDl5LVaL8kZIOWhbN4ddlannT5EbJ+vMvb4Yw8kU0khJ7x:3gF7Se1JQL8ekmd+TiF
MD5: F58AFB7B8EFFFB002935D17D85765FB4
SHA1: 2506433DC55B8B42F94B70557EF444E8D05A17DC
SHA-256: 8FC9F09B3F2424D918B5E8DDCEDE5980B6E6B356BB2E50873CF6EDA804C01886
SHA-512: 870FC5FB7AD167ABB87645D43715C6642379948CB638C7EFAD19AA5D36EE251A0B54949EF5598E30A36E6D3BCB8D6027CF27DC60EFCBEB8BC6164B2A9CDD1880
Malicious: true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation: low
                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........b.....................A..................{w....................................................Rich...........................PE..L...#.ng...........!.....d...f......D.....................................................@.............................|...|...P................................)..l...................................@...............T............................text...Hb.......d.................. ..`.rdata..Re.......f...h..............@..@.data...............................@....reloc...).......*..................@..B................................................................................................................................................................................................................................................................................................................................
File type: PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit): 7.108163235877968
TrID:
• Win32 Executable (generic) Net Framework (10011505/4) 49.83%
• Win32 Executable (generic) a (10002005/4) 49.78%
• Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
• Generic Win/DOS Executable (2004/3) 0.01%
• DOS Executable Generic (2002/1) 0.01%
File name: Leside-.exe
File size: 651'264 bytes
MD5: 54bb85bce47c855c509a16b32970c38b
SHA1: 23c1819fbc72cf7d645c036324d85208df6c77f3
SHA256: 3ccd2f2337a264971fed13bf7b3e4ca076afde84ba7b6c681f467b5021c0923e
SHA512: e2ba5e48db5f4a2c0d37e3d1eba259e9055bab7026c9087dd0bfe950381446bf7a213fb11334c3d975bf9cf1266e8705405f1f98fb413ae69b991d3dc371b85a
SSDEEP: 12288:4TdteaOF2UoQBsjSNtXEcVyiBFAMyhZVUEz4Pjt/ax7t2e:4ptdOG6UcVy+yhZVUEz4PAx73
TLSH: F1D44B1F527BE209F54A007095AA327B5DB4EE69E503CCF207C4E96B6066C71EBECD12
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$.ng..............0.............n@... ... ....@.. .......................`............@................................
Icon Hash: 90cececece8e8eb0
Entrypoint: 0x40406e
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows cui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp: 0x676E8824 [Fri Dec 27 10:57:40 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: f34d5f2d4577ed6d9ceec516c1f5a744
Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
jnl 00007F6CC480DF52h
cmp cl, dl
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x401c | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa2000 | 0x664 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa4000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x9e278 | 0x9e400 | ee3ee09ff4e574e9b8bb0847fb4b05af | False | 0.46996877468404424 | data | 7.114694614150449 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xa2000 | 0x664 | 0x800 | afe3080c873fefe5b82f32d13e83ea8d | False | 0.35107421875 | data | 3.6105756444135118 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xa4000 | 0xc | 0x200 | 5dbda4a38bd7d993b0957a10cb682415 | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0xa2090 | 0x3d4 | data | | | 0.42142857142857143
RT_MANIFEST | 0xa2474 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-27T22:29:58.577963+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49730 | 92.122.104.90 | 443 | TCP
2024-12-27T22:29:59.375510+0100 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.4 | 49730 | 92.122.104.90 | 443 | TCP
2024-12-27T22:30:01.088185+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49731 | 104.21.66.86 | 443 | TCP
2024-12-27T22:30:01.877190+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49731 | 104.21.66.86 | 443 | TCP
2024-12-27T22:30:01.877190+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49731 | 104.21.66.86 | 443 | TCP
2024-12-27T22:30:02.792004+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49732 | 104.21.66.86 | 443 | TCP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 27, 2024 22:29:54.827877998 CET | 192.168.2.4 | 1.1.1.1 | 0x78ea | Standard query (0) | ingreem-eilish.biz | A (IP address) | IN (0x0001) | false
Dec 27, 2024 22:29:55.068157911 CET | 192.168.2.4 | 1.1.1.1 | 0x929e | Standard query (0) | prisonyfork.buzz | A (IP address) | IN (0x0001) | false
Dec 27, 2024 22:29:55.301680088 CET | 192.168.2.4 | 1.1.1.1 | 0xce97 | Standard query (0) | rebuildeso.buzz | A (IP address) | IN (0x0001) | false
Dec 27, 2024 22:29:55.655431986 CET | 192.168.2.4 | 1.1.1.1 | 0x4274 | Standard query (0) | scentniej.buzz | A (IP address) | IN (0x0001) | false
Dec 27, 2024 22:29:55.883470058 CET | 192.168.2.4 | 1.1.1.1 | 0xea87 | Standard query (0) | inherineau.buzz | A (IP address) | IN (0x0001) | false
Dec 27, 2024 22:29:56.116529942 CET | 192.168.2.4 | 1.1.1.1 | 0x9ca2 | Standard query (0) | screwamusresz.buzz | A (IP address) | IN (0x0001) | false
Dec 27, 2024 22:29:56.336253881 CET | 192.168.2.4 | 1.1.1.1 | 0x40dc | Standard query (0) | appliacnesot.buzz | A (IP address) | IN (0x0001) | false
Dec 27, 2024 22:29:56.572582960 CET | 192.168.2.4 | 1.1.1.1 | 0xa2f7 | Standard query (0) | cashfuzysao.buzz | A (IP address) | IN (0x0001) | false
Dec 27, 2024 22:29:56.787342072 CET | 192.168.2.4 | 1.1.1.1 | 0x329 | Standard query (0) | hummskitnj.buzz | A (IP address) | IN (0x0001) | false
Dec 27, 2024 22:29:57.018794060 CET | 192.168.2.4 | 1.1.1.1 | 0x88b9 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Dec 27, 2024 22:29:59.597748041 CET | 192.168.2.4 | 1.1.1.1 | 0xae0 | Standard query (0) | lev-tolstoi.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 27, 2024 22:29:55.065226078 CET | 1.1.1.1 | 192.168.2.4 | 0x78ea | Name error (3) | ingreem-eilish.biz | none | none | A (IP address) | IN (0x0001) | false
Dec 27, 2024 22:29:55.297163963 CET | 1.1.1.1 | 192.168.2.4 | 0x929e | Name error (3) | prisonyfork.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 27, 2024 22:29:55.652703047 CET | 1.1.1.1 | 192.168.2.4 | 0xce97 | Name error (3) | rebuildeso.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 27, 2024 22:29:55.882030010 CET | 1.1.1.1 | 192.168.2.4 | 0x4274 | Name error (3) | scentniej.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 27, 2024 22:29:56.113459110 CET | 1.1.1.1 | 192.168.2.4 | 0xea87 | Name error (3) | inherineau.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 27, 2024 22:29:56.332871914 CET | 1.1.1.1 | 192.168.2.4 | 0x9ca2 | Name error (3) | screwamusresz.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 27, 2024 22:29:56.569648027 CET | 1.1.1.1 | 192.168.2.4 | 0x40dc | Name error (3) | appliacnesot.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 27, 2024 22:29:56.785001040 CET | 1.1.1.1 | 192.168.2.4 | 0xa2f7 | Name error (3) | cashfuzysao.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 27, 2024 22:29:57.015932083 CET | 1.1.1.1 | 192.168.2.4 | 0x329 | Name error (3) | hummskitnj.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 27, 2024 22:29:57.165505886 CET | 1.1.1.1 | 192.168.2.4 | 0x88b9 | No error (0) | steamcommunity.com | | 92.122.104.90 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 22:29:59.824106932 CET | 1.1.1.1 | 192.168.2.4 | 0xae0 | No error (0) | lev-tolstoi.com | | 104.21.66.86 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 22:29:59.824106932 CET | 1.1.1.1 | 192.168.2.4 | 0xae0 | No error (0) | lev-tolstoi.com | | 172.67.157.254 | A (IP address) | IN (0x0001) | false
• steamcommunity.com
• lev-tolstoi.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 92.122.104.90 | 443 | 480 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 21:29:58 UTC | 219 | OUT | GET /profiles/76561199724331900 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: steamcommunity.com
2024-12-27 21:29:59 UTC | 1905 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Fri, 27 Dec 2024 21:29:59 GMT
Content-Length: 35121
Connection: close
Set-Cookie: sessionid=4b81e9edead33889589ee890; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-27 21:29:59 UTC | 14479 | IN | Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-27 21:29:59 UTC | 10097 | IN | Data Ascii: .com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SUPPORT
2024-12-27 21:29:59 UTC | 10545 | IN | Data Ascii: NIVERSE&quot;:&quot;public&quot;,&quot;LANGUAGE&quot;:&quot;english&quot;,&quot;COUNTRY&quot;:&quot;US&quot;,&quot;MEDIA_CDN_COMMUNITY_URL&quot;:&quot;https:\/\/cdn.fastly.steamstatic.com\/steamcommunity\/public\/&quot;,&quot;MEDIA_CDN_URL&quot;:&quot;htt


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49731 | 104.21.66.86 | 443 | 480 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 21:30:01 UTC | 262 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: lev-tolstoi.com
2024-12-27 21:30:01 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-12-27 21:30:01 UTC | 1121 | IN | HTTP/1.1 200 OK
Date: Fri, 27 Dec 2024 21:30:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=v2rjublua6etunj0ga8ao61ced; expires=Tue, 22 Apr 2025 15:16:40 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EzLVikU889ILweIPlbEUVoS8nltgXKFn43wZvDqBfER%2Fb25vKfEU0OVwNm0HNZdo5bCvDSWXQwVAjhz3wNb4lTFd5buqK2xEW%2FrvihgiKEjLEuZEonPi9vU66UnKLd8IaTE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f8c68ce8c806a56-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1614&min_rtt=1606&rtt_var=619&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2835&recv_bytes=906&delivery_rate=1743283&cwnd=224&unsent_bytes=0&cid=d78ab9dca999f6de&ts=800&x=0"
2024-12-27 21:30:01 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2024-12-27 21:30:01 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Target ID: 0
Start time: 16:29:52
Start date: 27/12/2024
Path: C:\Users\user\Desktop\Leside-.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\Leside-.exe"
Imagebase: 0x830000
File size: 651'264 bytes
MD5 hash: 54BB85BCE47C855C509A16B32970C38B
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

                                                                                                                                                                                                                                    Target ID:1
                                                                                                                                                                                                                                    Start time:16:29:52
                                                                                                                                                                                                                                    Start date:27/12/2024
                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                    Target ID:2
                                                                                                                                                                                                                                    Start time:16:29:53
                                                                                                                                                                                                                                    Start date:27/12/2024
                                                                                                                                                                                                                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                    Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
                                                                                                                                                                                                                                    Imagebase:0x660000
                                                                                                                                                                                                                                    File size:43'016 bytes
                                                                                                                                                                                                                                    MD5 hash:5D1D74198D75640E889F0A577BBF31FC
                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                                                                    Has exited:true
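The process list above contains the pattern a detection engineer would want to catch: aspnet_regiis.exe, a signed .NET Framework utility that legitimately runs with a switch such as -i or -pe, is started with an empty argument list during the run of a sample sitting on the user's Desktop, and the 32-bit Framework path matches the sample's own Wow64 flag. The Python below is an added example, not Joe Sandbox output and not code from the report. It runs that check over Sysmon-style process-creation records (Image, CommandLine, ParentImage); the records are constructed from the three targets listed, the ParentImage values (explorer.exe for the sample, Leside-.exe for the two children) are assumed from start order, and the msiexec.exe control record is invented as a benign comparison.

```python
"""Detection check for the process list above: aspnet_regiis.exe started with
no switches by a parent whose image lives under a user profile.

Added example; not Joe Sandbox output and not code from the report. Field
names follow Sysmon Event ID 1 (Image, CommandLine, ParentImage), but the
records in SAMPLE_EVENTS are constructed from the three targets in the report
and their ParentImage values are assumed from the start order.
"""
import re
from typing import Dict, List, Tuple

# Signed .NET Framework utilities that legitimately run with switches
# (aspnet_regiis.exe -i / -pe / -pd ...). Extend with further hosts as needed.
FRAMEWORK_TOOLS = {"aspnet_regiis.exe"}

# Anything below <drive>:\Users\<name>\ (Desktop, Downloads, AppData, ...).
USER_PROFILE_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\", re.IGNORECASE)


def split_command_line(cmdline: str) -> Tuple[str, str]:
    """Return (image token, remaining arguments) for a Windows command line.

    A double-quoted image path is unwrapped; the remainder is stripped so a
    launch with no switches yields "". Quotes inside arguments are left as-is,
    which is all this check needs.
    """
    s = cmdline.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        if end == -1:
            return s[1:], ""
        return s[1:end], s[end + 1:].strip()
    parts = s.split(None, 1)
    return (parts[0], parts[1].strip()) if len(parts) == 2 else (s, "")


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def in_user_profile(path: str) -> bool:
    return bool(USER_PROFILE_RE.match(path))


def evaluate(event: Dict[str, str]) -> List[str]:
    """Return the reasons an event matches; an empty list means no finding."""
    reasons: List[str] = []
    image = basename(event["Image"])
    if image in FRAMEWORK_TOOLS:
        _, args = split_command_line(event["CommandLine"])
        if not args:
            reasons.append(f"{image} launched with no arguments")
        if in_user_profile(event.get("ParentImage", "")):
            reasons.append("parent image under a user profile directory")
    return reasons


def detect(events: List[Dict[str, str]]) -> List[Tuple[str, List[str]]]:
    """Alert only when both signals hold: bare launch AND user-land parent.

    Either signal alone is noisy (installers run these tools with switches,
    admin scripts may live on a profile path); the conjunction is the
    pattern visible in the report.
    """
    hits = []
    for ev in events:
        reasons = evaluate(ev)
        if len(reasons) == 2:
            hits.append((ev["TargetId"], reasons))
    return hits


# Constructed from the report's three targets; ParentImage values are assumed.
SAMPLE_EVENTS = [
    {"TargetId": "0",
     "Image": r"C:\Users\user\Desktop\Leside-.exe",
     "CommandLine": r'"C:\Users\user\Desktop\Leside-.exe"',
     "ParentImage": r"C:\Windows\explorer.exe"},              # assumed
    {"TargetId": "1",
     "Image": r"C:\Windows\System32\conhost.exe",
     "CommandLine": r"C:\Windows\system32\conhost.exe 0xffffffff -ForceV1",
     "ParentImage": r"C:\Users\user\Desktop\Leside-.exe"},    # assumed
    {"TargetId": "2",
     "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe",
     "CommandLine": r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"',
     "ParentImage": r"C:\Users\user\Desktop\Leside-.exe"},    # assumed
    # Invented benign control: an installer registering ASP.NET with -i.
    {"TargetId": "benign",
     "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe",
     "CommandLine": r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe" -i',
     "ParentImage": r"C:\Windows\System32\msiexec.exe"},
]

if __name__ == "__main__":
    for target, reasons in detect(SAMPLE_EVENTS):
        print(f"target {target}: " + "; ".join(reasons))
```

Only target 2 fires: conhost.exe carries arguments and is not a framework tool, and the -i control run from msiexec.exe has both a switch and a system-directory parent. The same two-condition shape ports directly to a Sigma rule (Image endswith, CommandLine equals the bare quoted path, ParentImage contains \Users\).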


Execution Graph

Execution Coverage: 9.9%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 12.4%
Total number of Nodes: 1516
Total number of Limit Nodes: 11
[Execution graph: the report renders this as an interactive graph; the page export flattened it into a token stream of nodes (numeric id, 8-digit hex address, symbol or API labels such as "_free 14 API calls") and edges (id->id). The node-by-node dump is not reproduced here. Every graphed node lies in a module mapped at 0x6ce0xxxx whose resolved symbols are MSVC CRT internals (__DllMainCRTStartup@12, _ValidateLocalCookies, __dosmaperr, __fassign, ___scrt_is_nonwritable_in_current_image, ___scrt_uninitialize_crt, ___std_exception_copy, ___std_type_info_destroy_list, __startOneArgErrorHandling, __raise_exc, __freea, std::bad_exception::bad_exception). Windows API calls present in the graph: IsProcessorFeaturePresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsDebuggerPresent, GetStartupInfoW, GetFileType, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, DecodePointer, GetLastError, SetLastError, GetEnvironmentStringsW, FreeEnvironmentStringsW, WideCharToMultiByte, MultiByteToWideChar, HeapAlloc, CloseHandle, SetStdHandle, RaiseException, GetModuleFileNameW, FindFirstFileExW, GetOEMCP, GetACP, IsValidCodePage, GetCPInfo, GetStringTypeW, LCMapStringW.

Triage caveat: IsDebuggerPresent occurs once, at 0x6ce3edc4, on the sequence IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter followed by GetCurrentProcess, TerminateProcess, reached from a node labelled __DllMainCRTStartup@12. That call order is consistent with the MSVC runtime's own security-failure reporting path (the CRT checks for a debugger before deciding whether to terminate after a fatal error), so this graph by itself is weak evidence of deliberate anti-debugging; the IsProcessorFeaturePresent / TerminateProcess nodes at 0x6ce237b0, 0x6ce23590, 0x6ce1e3b0 and 0x6ce20db0 are the same runtime fatal-error handling.]
13819->13802 13822 6ce41954 13820->13822 13821->13822 13823 6ce3ef28 ___std_exception_copy 25 API calls 13822->13823 13823->13819 13824->13809 13826 6ce41009 13825->13826 13827 6ce40ffa 13825->13827 13828 6ce41036 13826->13828 13829 6ce41011 13826->13829 13827->13640 13830 6ce41a7b ___scrt_uninitialize_crt WideCharToMultiByte 13828->13830 13829->13827 13846 6ce410b4 13829->13846 13832 6ce41046 13830->13832 13833 6ce41063 13832->13833 13834 6ce4104d GetLastError 13832->13834 13836 6ce41074 13833->13836 13838 6ce410b4 14 API calls 13833->13838 13835 6ce40715 __dosmaperr 14 API calls 13834->13835 13837 6ce41059 13835->13837 13836->13827 13839 6ce41a7b ___scrt_uninitialize_crt WideCharToMultiByte 13836->13839 13840 6ce4074b _free 14 API calls 13837->13840 13838->13836 13841 6ce4108c 13839->13841 13840->13827 13841->13827 13842 6ce41093 GetLastError 13841->13842 13843 6ce40715 __dosmaperr 14 API calls 13842->13843 13844 6ce4109f 13843->13844 13845 6ce4074b _free 14 API calls 13844->13845 13845->13827 13847 6ce410bf 13846->13847 13848 6ce4074b _free 14 API calls 13847->13848 13849 6ce410c8 13848->13849 13849->13827 13853 6ce41977 13850->13853 13854 6ce3fe4f __fassign 37 API calls 13853->13854 13855 6ce4198b 13854->13855 13855->13647 13856 6ce3f9f4 13857 6ce3fa06 13856->13857 13858 6ce3fa0c 13856->13858 13860 6ce3f99c 13857->13860 13861 6ce3f9a9 13860->13861 13862 6ce3f9c6 13860->13862 13863 6ce3f9c0 13861->13863 13865 6ce40667 _free 14 API calls 13861->13865 13862->13858 13864 6ce40667 _free 14 API calls 13863->13864 13864->13862 13865->13861 13866 6ce43c3c 13867 6ce43c6b 13866->13867 13868 6ce43c49 13866->13868 13869 6ce43c65 13868->13869 13870 6ce43c57 DeleteCriticalSection 13868->13870 13871 6ce40667 _free 14 API calls 13869->13871 13870->13869 13870->13870 13871->13867 13872 6ce42cb8 13875 6ce42c3f 13872->13875 13876 6ce42c4b ___scrt_is_nonwritable_in_current_image 13875->13876 13883 6ce405ba EnterCriticalSection 13876->13883 13878 6ce42c55 13879 6ce42c83 
13878->13879 13881 6ce4304d __fassign 14 API calls 13878->13881 13884 6ce42ca1 13879->13884 13881->13878 13883->13878 13887 6ce40602 LeaveCriticalSection 13884->13887 13886 6ce42c8f 13887->13886 13888 6ce3ccfe 13889 6ce3d50f ___std_exception_destroy 14 API calls 13888->13889 13890 6ce3cd13 13889->13890 13891 6ce40579 13892 6ce40584 13891->13892 13893 6ce41f50 6 API calls 13892->13893 13894 6ce405ad 13892->13894 13896 6ce405a9 13892->13896 13893->13892 13897 6ce405d1 13894->13897 13898 6ce405fd 13897->13898 13899 6ce405de 13897->13899 13898->13896 13900 6ce405e8 DeleteCriticalSection 13899->13900 13900->13898 13900->13900 13901 6ce3e703 13902 6ce3e73c 13901->13902 13903 6ce3e70c 13901->13903 13903->13902 13910 6ce3e949 13903->13910 13906 6ce3e949 47 API calls 13907 6ce3e752 13906->13907 13924 6ce3fd75 13907->13924 13911 6ce3e957 23 API calls 13910->13911 13912 6ce3e94e 13911->13912 13913 6ce3e747 13912->13913 13914 6ce42402 __fassign 2 API calls 13912->13914 13913->13906 13915 6ce3fe10 13914->13915 13916 6ce3fe1b 13915->13916 13917 6ce42447 __fassign 37 API calls 13915->13917 13918 6ce3fe25 IsProcessorFeaturePresent 13916->13918 13923 6ce3fe44 13916->13923 13917->13916 13919 6ce3fe31 13918->13919 13921 6ce3ed7c __fassign 8 API calls 13919->13921 13920 6ce3f558 __fassign 23 API calls 13922 6ce3fe4e 13920->13922 13921->13923 13923->13920 13925 6ce3fd81 ___scrt_is_nonwritable_in_current_image 13924->13925 13926 6ce40327 __fassign 37 API calls 13925->13926 13927 6ce3fd86 13926->13927 13928 6ce3fe0b __fassign 37 API calls 13927->13928 13929 6ce3fdb0 13928->13929 12210 6ce143c0 12212 6ce143e0 std::bad_exception::bad_exception 12210->12212 12211 6ce17885 NtWriteVirtualMemory 12211->12212 12212->12211 12213 6ce18fdb NtWriteVirtualMemory 12212->12213 12214 6ce16e7e CreateProcessW 12212->12214 12215 6ce174e9 NtAllocateVirtualMemory 12212->12215 12216 6ce19c7c CloseHandle 12212->12216 12217 6ce1a619 NtReadVirtualMemory 12212->12217 12218 6ce17eb7 NtWriteVirtualMemory 
12212->12218 12220 6ce1a86b CloseHandle 12212->12220 12221 6ce19448 NtWriteVirtualMemory 12212->12221 12222 6ce15f5a GetConsoleWindow ShowWindow 12212->12222 12224 6ce0d910 26 API calls 12212->12224 12226 6ce19964 NtSetContextThread NtResumeThread 12212->12226 12227 6ce19721 NtCreateThreadEx 12212->12227 12228 6ce19fdd VirtualAlloc 12212->12228 12229 6ce1ac71 NtCreateThreadEx 12212->12229 12230 6ce1a6d9 NtWriteVirtualMemory 12212->12230 12231 6ce18e86 NtReadVirtualMemory 12212->12231 12232 6ce19ea7 12212->12232 12235 6ce16f0e NtGetContextThread 12212->12235 12236 6ce176d5 NtWriteVirtualMemory 12212->12236 12237 6ce1a9c2 NtWriteVirtualMemory 12212->12237 12238 6ce1ae36 NtSetContextThread NtResumeThread 12212->12238 12239 6ce1a256 NtAllocateVirtualMemory 12212->12239 12240 6ce1a7bd NtSetContextThread NtResumeThread 12212->12240 12241 6ce16781 VirtualAlloc 12212->12241 12244 6ce19be2 CloseHandle 12212->12244 12269 6ce12b10 12212->12269 12286 6ce0d370 12212->12286 12213->12212 12214->12212 12215->12212 12216->12212 12217->12212 12282 6ce14050 12218->12282 12220->12212 12221->12212 12245 6ce0d910 12222->12245 12224->12212 12226->12212 12227->12212 12228->12212 12229->12212 12230->12212 12231->12212 12290 6ce3bf90 12232->12290 12234 6ce19eb1 12235->12212 12236->12212 12237->12212 12238->12212 12239->12212 12240->12212 12241->12212 12244->12212 12262 6ce0d977 ___scrt_uninitialize_crt 12245->12262 12246 6ce0ed5f CloseHandle 12246->12262 12247 6ce0ea8b CreateFileMappingA 12247->12262 12248 6ce0fd9f 12249 6ce3bf90 _ValidateLocalCookies 5 API calls 12248->12249 12251 6ce0fda9 12249->12251 12250 6ce0e8a5 K32GetModuleInformation 12250->12262 12251->12212 12252 6ce10332 CloseHandle 12252->12262 12253 6ce0e9c1 GetModuleFileNameA CreateFileA 12253->12262 12254 6ce10232 CloseHandle 12254->12262 12255 6ce10384 CloseHandle 12255->12262 12256 6ce0ff09 VirtualProtect 12256->12262 12257 6ce0fab8 CloseHandle 12257->12262 12258 6ce0fe3f CloseHandle 12258->12262 12259 6ce0f430 
VirtualProtect 12259->12262 12260 6ce0fc65 CloseHandle CloseHandle 12260->12262 12261 6ce103a2 VirtualProtect 12261->12262 12262->12246 12262->12247 12262->12248 12262->12250 12262->12252 12262->12253 12262->12254 12262->12255 12262->12256 12262->12257 12262->12258 12262->12259 12262->12260 12262->12261 12263 6ce10352 CloseHandle CloseHandle 12262->12263 12264 6ce0ef21 MapViewOfFile 12262->12264 12265 6ce0e665 GetCurrentProcess 12262->12265 12268 6ce0f926 VirtualProtect 12262->12268 12263->12262 12264->12262 12297 6ce3cd60 12265->12297 12268->12262 12273 6ce12b30 std::bad_exception::bad_exception 12269->12273 12270 6ce13f89 GetModuleHandleW 12271 6ce10440 5 API calls 12270->12271 12272 6ce13227 12271->12272 12272->12273 12273->12270 12274 6ce134dd NtQueryInformationProcess 12273->12274 12275 6ce131e2 GetModuleHandleW 12273->12275 12277 6ce13ca7 12273->12277 12280 6ce13cc2 GetModuleHandleW 12273->12280 12274->12273 12299 6ce10440 12275->12299 12278 6ce3bf90 _ValidateLocalCookies 5 API calls 12277->12278 12279 6ce13cb7 NtAllocateVirtualMemory 12278->12279 12279->12212 12281 6ce10440 5 API calls 12280->12281 12281->12272 12283 6ce140ae 12282->12283 12284 6ce3bf90 _ValidateLocalCookies 5 API calls 12283->12284 12285 6ce14393 12284->12285 12285->12212 12287 6ce0d3cf 12286->12287 12288 6ce3bf90 _ValidateLocalCookies 5 API calls 12287->12288 12289 6ce0d896 12288->12289 12289->12212 12291 6ce3bf99 IsProcessorFeaturePresent 12290->12291 12292 6ce3bf98 12290->12292 12294 6ce3c3a4 12291->12294 12292->12234 12303 6ce3c367 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 12294->12303 12296 6ce3c487 12296->12234 12298 6ce0e6ac GetModuleHandleA 12297->12298 12298->12262 12300 6ce10468 12299->12300 12301 6ce3bf90 _ValidateLocalCookies 5 API calls 12300->12301 12302 6ce12658 12301->12302 12302->12272 12303->12296 13930 6ce37740 13932 6ce3779b 13930->13932 13931 6ce37c50 14 API calls 13931->13932 13932->13931 13933 6ce37c01 13932->13933 13934 
6ce3bf90 _ValidateLocalCookies 5 API calls 13933->13934 13935 6ce37c11 13934->13935 13936 6ce3e480 13937 6ce3e49e 13936->13937 13948 6ce3e440 13937->13948 13949 6ce3e452 13948->13949 13950 6ce3e45f 13948->13950 13951 6ce3bf90 _ValidateLocalCookies 5 API calls 13949->13951 13951->13950 13952 6ce3e800 13953 6ce3e812 13952->13953 13955 6ce3e820 13952->13955 13954 6ce3bf90 _ValidateLocalCookies 5 API calls 13953->13954 13954->13955 13956 6ce32d80 13957 6ce32d97 13956->13957 13959 6ce3310c 13957->13959 13960 6ce33150 13957->13960 13961 6ce33165 std::bad_exception::bad_exception 13960->13961 13964 6ce3d4ac 13961->13964 13965 6ce337a2 13964->13965 13967 6ce3d4b9 ___std_exception_copy 13964->13967 13965->13957 13966 6ce3d4e6 13968 6ce3f0be ___std_type_info_destroy_list 14 API calls 13966->13968 13967->13965 13967->13966 13970 6ce3fdb1 13967->13970 13968->13965 13971 6ce3fdbe 13970->13971 13973 6ce3fdcc 13970->13973 13971->13973 13977 6ce3fde3 13971->13977 13972 6ce4074b _free 14 API calls 13974 6ce3fdd4 13972->13974 13973->13972 13975 6ce3ef28 ___std_exception_copy 25 API calls 13974->13975 13976 6ce3fdde 13975->13976 13976->13966 13977->13976 13978 6ce4074b _free 14 API calls 13977->13978 13978->13974 13979 6ce46107 13980 6ce46110 13979->13980 13981 6ce46623 __startOneArgErrorHandling 20 API calls 13980->13981 13982 6ce46130 13981->13982 12304 6ce3c344 12305 6ce3c352 12304->12305 12306 6ce3c34d 12304->12306 12310 6ce3c20e 12305->12310 12325 6ce3c528 12306->12325 12313 6ce3c21a ___scrt_is_nonwritable_in_current_image 12310->12313 12311 6ce3c229 12312 6ce3c243 dllmain_raw 12312->12311 12315 6ce3c25d dllmain_crt_dispatch 12312->12315 12313->12311 12313->12312 12314 6ce3c23e 12313->12314 12329 6ce1ae90 12314->12329 12315->12311 12315->12314 12318 6ce3c2af 12318->12311 12319 6ce3c2b8 dllmain_crt_dispatch 12318->12319 12319->12311 12320 6ce3c2cb dllmain_raw 12319->12320 12320->12311 12321 6ce1ae90 __DllMainCRTStartup@12 5 API calls 12322 6ce3c296 12321->12322 12333 6ce3c15e 
12322->12333 12324 6ce3c2a4 dllmain_raw 12324->12318 12326 6ce3c53e 12325->12326 12328 6ce3c547 12326->12328 12650 6ce3c4db GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter 12326->12650 12328->12305 12330 6ce1aef4 12329->12330 12331 6ce3bf90 _ValidateLocalCookies 5 API calls 12330->12331 12332 6ce1c187 12331->12332 12332->12318 12332->12321 12334 6ce3c16a ___scrt_is_nonwritable_in_current_image __DllMainCRTStartup@12 12333->12334 12335 6ce3c173 12334->12335 12336 6ce3c206 12334->12336 12337 6ce3c19b 12334->12337 12335->12324 12381 6ce3c892 IsProcessorFeaturePresent 12336->12381 12360 6ce3c6c3 12337->12360 12340 6ce3c1a0 12369 6ce3c57f 12340->12369 12342 6ce3c20d ___scrt_is_nonwritable_in_current_image 12343 6ce3c243 dllmain_raw 12342->12343 12345 6ce3c23e 12342->12345 12357 6ce3c229 12342->12357 12346 6ce3c25d dllmain_crt_dispatch 12343->12346 12343->12357 12344 6ce3c1a5 __RTC_Initialize __DllMainCRTStartup@12 12372 6ce3c864 12344->12372 12349 6ce1ae90 __DllMainCRTStartup@12 5 API calls 12345->12349 12346->12345 12346->12357 12351 6ce3c27e 12349->12351 12352 6ce3c2af 12351->12352 12355 6ce1ae90 __DllMainCRTStartup@12 5 API calls 12351->12355 12353 6ce3c2b8 dllmain_crt_dispatch 12352->12353 12352->12357 12354 6ce3c2cb dllmain_raw 12353->12354 12353->12357 12354->12357 12356 6ce3c296 12355->12356 12358 6ce3c15e __DllMainCRTStartup@12 79 API calls 12356->12358 12357->12324 12359 6ce3c2a4 dllmain_raw 12358->12359 12359->12352 12361 6ce3c6c8 ___scrt_release_startup_lock 12360->12361 12362 6ce3c6cc 12361->12362 12366 6ce3c6d8 __DllMainCRTStartup@12 12361->12366 12385 6ce3fb9b 12362->12385 12365 6ce3c6e5 12365->12340 12366->12365 12388 6ce3f3fe 12366->12388 12522 6ce3e5de InterlockedFlushSList 12369->12522 12373 6ce3c870 12372->12373 12374 6ce3c1c4 12373->12374 12529 6ce3fd33 12373->12529 12378 6ce3c200 12374->12378 12376 6ce3c87e 12534 6ce3e636 12376->12534 12633 6ce3c6e6 12378->12633 12382 6ce3c8a8 __DllMainCRTStartup@12 
std::bad_exception::bad_exception 12381->12382 12383 6ce3c953 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 12382->12383 12384 6ce3c99e __DllMainCRTStartup@12 12383->12384 12384->12342 12399 6ce3fa66 12385->12399 12389 6ce3f40c 12388->12389 12397 6ce3f41d 12388->12397 12470 6ce3f4a4 GetModuleHandleW 12389->12470 12394 6ce3f457 12394->12340 12477 6ce3f2c4 12397->12477 12400 6ce3fa72 ___scrt_is_nonwritable_in_current_image 12399->12400 12407 6ce405ba EnterCriticalSection 12400->12407 12402 6ce3fa80 12408 6ce3fac1 12402->12408 12407->12402 12409 6ce3fae0 12408->12409 12410 6ce3fa8d 12408->12410 12409->12410 12415 6ce40667 12409->12415 12412 6ce3fab5 12410->12412 12469 6ce40602 LeaveCriticalSection 12412->12469 12414 6ce3c6d6 12414->12340 12416 6ce40672 HeapFree 12415->12416 12417 6ce4069b _free 12415->12417 12416->12417 12418 6ce40687 12416->12418 12417->12410 12421 6ce4074b 12418->12421 12424 6ce4047e GetLastError 12421->12424 12423 6ce4068d GetLastError 12423->12417 12425 6ce40495 12424->12425 12426 6ce4049b 12424->12426 12447 6ce41ecf 12425->12447 12430 6ce404a1 SetLastError 12426->12430 12452 6ce41f0e 12426->12452 12430->12423 12434 6ce404d1 12437 6ce41f0e __dosmaperr 6 API calls 12434->12437 12435 6ce404e8 12436 6ce41f0e __dosmaperr 6 API calls 12435->12436 12438 6ce404f4 12436->12438 12439 6ce404df 12437->12439 12440 6ce404f8 12438->12440 12441 6ce40509 12438->12441 12442 6ce40667 _free 12 API calls 12439->12442 12443 6ce41f0e __dosmaperr 6 API calls 12440->12443 12464 6ce40129 12441->12464 12442->12430 12443->12439 12446 6ce40667 _free 12 API calls 12446->12430 12448 6ce41d6f __dosmaperr 5 API calls 12447->12448 12449 6ce41eeb 12448->12449 12450 6ce41ef4 12449->12450 12451 6ce41f06 TlsGetValue 12449->12451 12450->12426 12453 6ce41d6f __dosmaperr 5 API calls 12452->12453 12454 6ce41f2a 12453->12454 12455 6ce41f48 TlsSetValue 12454->12455 12456 6ce404b9 12454->12456 12456->12430 12457 6ce4075e 12456->12457 12462 6ce4076b __dosmaperr 
12457->12462 12458 6ce407ab 12461 6ce4074b _free 13 API calls 12458->12461 12459 6ce40796 RtlAllocateHeap 12460 6ce404c9 12459->12460 12459->12462 12460->12434 12460->12435 12461->12460 12462->12458 12462->12459 12463 6ce3f02a __dosmaperr EnterCriticalSection LeaveCriticalSection 12462->12463 12463->12462 12465 6ce3ffbd __dosmaperr EnterCriticalSection LeaveCriticalSection 12464->12465 12466 6ce40197 12465->12466 12467 6ce400cf __dosmaperr 14 API calls 12466->12467 12468 6ce401c0 12467->12468 12468->12446 12469->12414 12471 6ce3f411 12470->12471 12471->12397 12472 6ce3f4e7 GetModuleHandleExW 12471->12472 12473 6ce3f506 GetProcAddress 12472->12473 12474 6ce3f51b 12472->12474 12473->12474 12475 6ce3f538 12474->12475 12476 6ce3f52f FreeLibrary 12474->12476 12475->12397 12476->12475 12478 6ce3f2d0 ___scrt_is_nonwritable_in_current_image 12477->12478 12493 6ce405ba EnterCriticalSection 12478->12493 12480 6ce3f2da 12494 6ce3f311 12480->12494 12482 6ce3f2e7 12498 6ce3f305 12482->12498 12485 6ce3f462 12502 6ce406a1 GetPEB 12485->12502 12488 6ce3f491 12491 6ce3f4e7 __DllMainCRTStartup@12 3 API calls 12488->12491 12489 6ce3f471 GetPEB 12489->12488 12490 6ce3f481 GetCurrentProcess TerminateProcess 12489->12490 12490->12488 12492 6ce3f499 ExitProcess 12491->12492 12493->12480 12495 6ce3f31d ___scrt_is_nonwritable_in_current_image 12494->12495 12496 6ce3fb9b __DllMainCRTStartup@12 14 API calls 12495->12496 12497 6ce3f37e __DllMainCRTStartup@12 12495->12497 12496->12497 12497->12482 12501 6ce40602 LeaveCriticalSection 12498->12501 12500 6ce3f2f3 12500->12394 12500->12485 12501->12500 12503 6ce3f46c 12502->12503 12504 6ce406bb 12502->12504 12503->12488 12503->12489 12506 6ce41df2 12504->12506 12509 6ce41d6f 12506->12509 12508 6ce41e0e 12508->12503 12510 6ce41d9d 12509->12510 12514 6ce41d99 __dosmaperr 12509->12514 12510->12514 12515 6ce41ca8 12510->12515 12513 6ce41db7 GetProcAddress 12513->12514 12514->12508 12519 6ce41cb9 ___vcrt_InitializeCriticalSectionEx 12515->12519 12516 
6ce41d64 12516->12513 12516->12514 12517 6ce41cd7 LoadLibraryExW 12518 6ce41cf2 GetLastError 12517->12518 12517->12519 12518->12519 12519->12516 12519->12517 12520 6ce41d4d FreeLibrary 12519->12520 12521 6ce41d25 LoadLibraryExW 12519->12521 12520->12519 12521->12519 12523 6ce3e5ee 12522->12523 12525 6ce3c589 12522->12525 12523->12525 12526 6ce3f0be 12523->12526 12525->12344 12527 6ce40667 _free 14 API calls 12526->12527 12528 6ce3f0d6 12527->12528 12528->12523 12530 6ce3fd50 ___scrt_uninitialize_crt 12529->12530 12531 6ce3fd3e 12529->12531 12530->12376 12532 6ce3fd4c 12531->12532 12540 6ce4291d 12531->12540 12532->12376 12535 6ce3e649 12534->12535 12536 6ce3e63f 12534->12536 12535->12374 12606 6ce3ea1c 12536->12606 12543 6ce427cb 12540->12543 12546 6ce4271f 12543->12546 12547 6ce4272b ___scrt_is_nonwritable_in_current_image 12546->12547 12554 6ce405ba EnterCriticalSection 12547->12554 12549 6ce42735 ___scrt_uninitialize_crt 12550 6ce427a1 12549->12550 12555 6ce42693 12549->12555 12563 6ce427bf 12550->12563 12554->12549 12556 6ce4269f ___scrt_is_nonwritable_in_current_image 12555->12556 12566 6ce42a3a EnterCriticalSection 12556->12566 12558 6ce426a9 ___scrt_uninitialize_crt 12562 6ce426e2 12558->12562 12567 6ce428d5 12558->12567 12577 6ce42713 12562->12577 12605 6ce40602 LeaveCriticalSection 12563->12605 12565 6ce427ad 12565->12532 12566->12558 12568 6ce428e2 12567->12568 12569 6ce428eb 12567->12569 12571 6ce427cb ___scrt_uninitialize_crt 66 API calls 12568->12571 12580 6ce42870 12569->12580 12576 6ce428e8 12571->12576 12574 6ce42907 12593 6ce43ef2 12574->12593 12576->12562 12604 6ce42a4e LeaveCriticalSection 12577->12604 12579 6ce42701 12579->12549 12581 6ce42888 12580->12581 12582 6ce428ad 12580->12582 12581->12582 12583 6ce42c18 ___scrt_uninitialize_crt 25 API calls 12581->12583 12582->12576 12586 6ce42c18 12582->12586 12584 6ce428a6 12583->12584 12585 6ce446ea ___scrt_uninitialize_crt 62 API calls 12584->12585 12585->12582 12587 6ce42c24 12586->12587 12588 
6ce42c39 12586->12588 12589 6ce4074b _free 14 API calls 12587->12589 12588->12574 12590 6ce42c29 12589->12590 12591 6ce3ef28 ___std_exception_copy 25 API calls 12590->12591 12592 6ce42c34 12591->12592 12592->12574 12594 6ce43f10 12593->12594 12595 6ce43f03 12593->12595 12597 6ce43f59 12594->12597 12599 6ce43f37 12594->12599 12596 6ce4074b _free 14 API calls 12595->12596 12603 6ce43f08 12596->12603 12598 6ce4074b _free 14 API calls 12597->12598 12600 6ce43f5e 12598->12600 12601 6ce43e50 ___scrt_uninitialize_crt 29 API calls 12599->12601 12602 6ce3ef28 ___std_exception_copy 25 API calls 12600->12602 12601->12603 12602->12603 12603->12576 12604->12579 12605->12565 12607 6ce3ea26 12606->12607 12608 6ce3e644 12606->12608 12614 6ce3ebf1 12607->12614 12610 6ce3ea73 12608->12610 12611 6ce3ea9d 12610->12611 12612 6ce3ea7e 12610->12612 12611->12535 12613 6ce3ea88 DeleteCriticalSection 12612->12613 12613->12611 12613->12613 12619 6ce3eb6d 12614->12619 12617 6ce3ec23 TlsFree 12618 6ce3ec17 12617->12618 12618->12608 12620 6ce3eba8 12619->12620 12621 6ce3eb85 12619->12621 12620->12617 12620->12618 12621->12620 12625 6ce3ead3 12621->12625 12624 6ce3eb9a GetProcAddress 12624->12620 12631 6ce3eadf ___vcrt_InitializeCriticalSectionEx 12625->12631 12626 6ce3eb53 12626->12620 12626->12624 12627 6ce3eaf5 LoadLibraryExW 12628 6ce3eb13 GetLastError 12627->12628 12629 6ce3eb5a 12627->12629 12628->12631 12629->12626 12630 6ce3eb62 FreeLibrary 12629->12630 12630->12626 12631->12626 12631->12627 12632 6ce3eb35 LoadLibraryExW 12631->12632 12632->12629 12632->12631 12638 6ce3fd63 12633->12638 12636 6ce3ea1c ___vcrt_uninitialize_ptd 6 API calls 12637 6ce3c205 12636->12637 12637->12335 12641 6ce4055f 12638->12641 12642 6ce3c6ed 12641->12642 12643 6ce40569 12641->12643 12642->12636 12645 6ce41e90 12643->12645 12646 6ce41d6f __dosmaperr 5 API calls 12645->12646 12647 6ce41eac 12646->12647 12648 6ce41eb5 12647->12648 12649 6ce41ec7 TlsFree 12647->12649 12648->12642 12650->12328 12651 6ce3c004 12652 
6ce3c042 12651->12652 12653 6ce3c00f 12651->12653 12654 6ce3c15e __DllMainCRTStartup@12 84 API calls 12652->12654 12655 6ce3c034 12653->12655 12656 6ce3c014 12653->12656 12662 6ce3c01e 12654->12662 12663 6ce3c057 12655->12663 12658 6ce3c02a 12656->12658 12659 6ce3c019 12656->12659 12682 6ce3c663 12658->12682 12659->12662 12677 6ce3c682 12659->12677 12664 6ce3c063 ___scrt_is_nonwritable_in_current_image 12663->12664 12690 6ce3c6f3 12664->12690 12666 6ce3c06a __DllMainCRTStartup@12 12667 6ce3c091 12666->12667 12668 6ce3c156 12666->12668 12674 6ce3c0cd ___scrt_is_nonwritable_in_current_image __DllMainCRTStartup@12 12666->12674 12698 6ce3c655 12667->12698 12670 6ce3c892 __DllMainCRTStartup@12 4 API calls 12668->12670 12671 6ce3c15d 12670->12671 12672 6ce3c0a0 __RTC_Initialize 12672->12674 12701 6ce3c573 InitializeSListHead 12672->12701 12674->12662 12675 6ce3c0ae 12675->12674 12702 6ce3c62a 12675->12702 12751 6ce3fd2b 12677->12751 12954 6ce3e620 12682->12954 12685 6ce3c66c 12685->12662 12688 6ce3c67f 12688->12662 12689 6ce3e62b 21 API calls 12689->12685 12691 6ce3c6fc 12690->12691 12706 6ce3ca58 IsProcessorFeaturePresent 12691->12706 12695 6ce3c70d 12696 6ce3e636 ___scrt_uninitialize_crt 7 API calls 12695->12696 12697 6ce3c711 12695->12697 12696->12697 12697->12666 12745 6ce3c72c 12698->12745 12700 6ce3c65c 12700->12672 12701->12675 12703 6ce3c62f ___scrt_release_startup_lock 12702->12703 12704 6ce3ca58 IsProcessorFeaturePresent 12703->12704 12705 6ce3c638 12703->12705 12704->12705 12705->12674 12707 6ce3c708 12706->12707 12708 6ce3e601 12707->12708 12716 6ce3ea37 12708->12716 12712 6ce3e612 12713 6ce3e61d 12712->12713 12714 6ce3ea73 ___vcrt_uninitialize_locks DeleteCriticalSection 12712->12714 12713->12695 12715 6ce3e60a 12714->12715 12715->12695 12717 6ce3ea40 12716->12717 12719 6ce3ea69 12717->12719 12721 6ce3e606 12717->12721 12730 6ce3eca5 12717->12730 12720 6ce3ea73 ___vcrt_uninitialize_locks DeleteCriticalSection 12719->12720 12720->12721 12721->12715 12722 
6ce3e9e9 12721->12722 12735 6ce3ebb6 12722->12735 12727 6ce3ea19 12727->12712 12728 6ce3ea1c ___vcrt_uninitialize_ptd 6 API calls 12729 6ce3e9fe 12728->12729 12729->12712 12731 6ce3eb6d ___vcrt_InitializeCriticalSectionEx 5 API calls 12730->12731 12732 6ce3ecbf 12731->12732 12733 6ce3ecdd InitializeCriticalSectionAndSpinCount 12732->12733 12734 6ce3ecc8 12732->12734 12733->12734 12734->12717 12736 6ce3eb6d ___vcrt_InitializeCriticalSectionEx 5 API calls 12735->12736 12737 6ce3ebd0 12736->12737 12738 6ce3ebe9 TlsAlloc 12737->12738 12739 6ce3e9f3 12737->12739 12739->12729 12740 6ce3ec67 12739->12740 12741 6ce3eb6d ___vcrt_InitializeCriticalSectionEx 5 API calls 12740->12741 12742 6ce3ec81 12741->12742 12743 6ce3ec9c TlsSetValue 12742->12743 12744 6ce3ea0c 12742->12744 12743->12744 12744->12727 12744->12728 12746 6ce3c738 12745->12746 12747 6ce3c73c 12745->12747 12746->12700 12748 6ce3c892 __DllMainCRTStartup@12 4 API calls 12747->12748 12750 6ce3c749 ___scrt_release_startup_lock 12747->12750 12749 6ce3c7b2 12748->12749 12750->12700 12757 6ce402fb 12751->12757 12754 6ce3e62b 12937 6ce3e913 12754->12937 12758 6ce40305 12757->12758 12759 6ce3c687 12757->12759 12760 6ce41ecf __dosmaperr 6 API calls 12758->12760 12759->12754 12761 6ce4030c 12760->12761 12761->12759 12762 6ce41f0e __dosmaperr 6 API calls 12761->12762 12763 6ce4031f 12762->12763 12765 6ce401c2 12763->12765 12766 6ce401cd 12765->12766 12767 6ce401dd 12765->12767 12771 6ce401e3 12766->12771 12767->12759 12770 6ce40667 _free 14 API calls 12770->12767 12772 6ce401fe 12771->12772 12773 6ce401f8 12771->12773 12775 6ce40667 _free 14 API calls 12772->12775 12774 6ce40667 _free 14 API calls 12773->12774 12774->12772 12776 6ce4020a 12775->12776 12777 6ce40667 _free 14 API calls 12776->12777 12778 6ce40215 12777->12778 12779 6ce40667 _free 14 API calls 12778->12779 12780 6ce40220 12779->12780 12781 6ce40667 _free 14 API calls 12780->12781 12782 6ce4022b 12781->12782 12783 6ce40667 _free 14 API calls 12782->12783 12784 
6ce40236 12783->12784 12785 6ce40667 _free 14 API calls 12784->12785 12786 6ce40241 12785->12786 12787 6ce40667 _free 14 API calls 12786->12787 12788 6ce4024c 12787->12788 12789 6ce40667 _free 14 API calls 12788->12789 12790 6ce40257 12789->12790 12791 6ce40667 _free 14 API calls 12790->12791 12792 6ce40265 12791->12792 12797 6ce4000f 12792->12797 12798 6ce4001b ___scrt_is_nonwritable_in_current_image 12797->12798 12813 6ce405ba EnterCriticalSection 12798->12813 12801 6ce40025 12803 6ce40667 _free 14 API calls 12801->12803 12804 6ce4004f 12801->12804 12803->12804 12814 6ce4006e 12804->12814 12805 6ce4007a 12806 6ce40086 ___scrt_is_nonwritable_in_current_image 12805->12806 12818 6ce405ba EnterCriticalSection 12806->12818 12808 6ce40090 12819 6ce402b0 12808->12819 12810 6ce400a3 12823 6ce400c3 12810->12823 12813->12801 12817 6ce40602 LeaveCriticalSection 12814->12817 12816 6ce4005c 12816->12805 12817->12816 12818->12808 12820 6ce402e6 __fassign 12819->12820 12821 6ce402bf __fassign 12819->12821 12820->12810 12821->12820 12826 6ce42d80 12821->12826 12936 6ce40602 LeaveCriticalSection 12823->12936 12825 6ce400b1 12825->12770 12827 6ce42e00 12826->12827 12830 6ce42d96 12826->12830 12829 6ce40667 _free 14 API calls 12827->12829 12852 6ce42e4e 12827->12852 12831 6ce42e22 12829->12831 12830->12827 12834 6ce40667 _free 14 API calls 12830->12834 12836 6ce42dc9 12830->12836 12832 6ce40667 _free 14 API calls 12831->12832 12835 6ce42e35 12832->12835 12833 6ce42e5c 12842 6ce42ebc 12833->12842 12851 6ce40667 14 API calls _free 12833->12851 12838 6ce42dbe 12834->12838 12839 6ce40667 _free 14 API calls 12835->12839 12840 6ce40667 _free 14 API calls 12836->12840 12853 6ce42deb 12836->12853 12837 6ce40667 _free 14 API calls 12841 6ce42df5 12837->12841 12854 6ce44cb7 12838->12854 12845 6ce42e43 12839->12845 12846 6ce42de0 12840->12846 12847 6ce40667 _free 14 API calls 12841->12847 12843 6ce40667 _free 14 API calls 12842->12843 12848 6ce42ec2 12843->12848 12849 6ce40667 _free 14 API 
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
• Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
• API ID: Virtual$Memory$Thread$Write$Context$AllocateCloseCreateHandleResume$AllocReadWindow$ConsoleProcessShow
• String ID: #q1$+K9$1JYB$3Ar$8wV&$;fV$;fV$@$C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe$C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe$D$E``r$MZx$O|$O|$Z<:T$`D'^$cMI.$kernel32.dll$ntdll.dll$n{s$n{s
• API String ID: 3246816769-1326680750
• Opcode ID: da7d8ec627540317e26ee1c4a592d11688819b117496f8077d3c6eed0cb98c6f
• Instruction ID: c311da6d9f8471c61b47d233761e3d1fddb22465732d11b38dac491a37885d0b
• Opcode Fuzzy Hash: da7d8ec627540317e26ee1c4a592d11688819b117496f8077d3c6eed0cb98c6f
• Instruction Fuzzy Hash: C4C30632B482118FDB14DE3CC9A57E97BF2AB47354F204299D519DBB94D7398A8ACF00
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
• Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
• API ID: Handle$Close$ProtectVirtual$CurrentFileModuleProcessView
• String ID: !R$$r: $$r: $,\*$7'F}$7'F}$@$CW@$`P*$`P*
• API String ID: 2333136242-1908103862
• Opcode ID: 7c6591845d91765d7fe8c1b195f25895ec2ee54e1ef775363375ca138cb52f49
• Instruction ID: 852a47e7d5de276215e3ef4095e725008afbf212f033098f120ee7930632b11c
• Opcode Fuzzy Hash: 7c6591845d91765d7fe8c1b195f25895ec2ee54e1ef775363375ca138cb52f49
• Instruction Fuzzy Hash: D0231C36B042188FCB04CE7CD9C53DE7BF2AB47314F209169D449DBB95C63A8A9ACB45
APIs
• GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?), ref: 6CE1320A
• GetModuleHandleW.KERNEL32 ref: 6CE13CD6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
• Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
• API ID: HandleModule
• String ID: !'$!'$NtQueryInformationProcess$bgq\$ntdll.dll
• API String ID: 4139908857-2990651319
• Opcode ID: d97321eb497f3e8ee9a3358e8accaaf424abe337e77a85c0ce7f2b9091e30025
• Instruction ID: fd17d136c74cffa2f5c2586a1acc1febad6e16ca1e90a7368a111c237997ea7c
• Opcode Fuzzy Hash: d97321eb497f3e8ee9a3358e8accaaf424abe337e77a85c0ce7f2b9091e30025
• Instruction Fuzzy Hash: 47B2F136B481058FCF08DE7CD5D53CE7BF2AB87358F25951AD421DBB94C62A8A0E8B41

Control-flow Graph (function 6ce3c15e; graph rendering omitted)
APIs
• __RTC_Initialize.LIBCMT ref: 6CE3C1A5
• ___scrt_uninitialize_crt.LIBCMT ref: 6CE3C1BF
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
• Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
• API ID: Initialize___scrt_uninitialize_crt
• String ID:
• API String ID: 2442719207-0
• Opcode ID: 0a4ec3420e419eeecbb6019dc91c86e51c76a1df266d656982f16a0a9ca96fc0
• Instruction ID: bf7ac00fa2cd7214002f6b802760937fc041e975e0819cabe85c827e07e7bf00
• Opcode Fuzzy Hash: 0a4ec3420e419eeecbb6019dc91c86e51c76a1df266d656982f16a0a9ca96fc0
• Instruction Fuzzy Hash: 8541C372F01634EADB10AF95CC40BAE3A74EF456A8F30535AE81DA7B40C730E945DB94

Control-flow Graph (function 6ce3c20e; graph rendering omitted)
APIs
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
• Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
                                                                                                                                                                                                                                      • API ID: dllmain_raw$dllmain_crt_dispatch
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3136044242-0
                                                                                                                                                                                                                                      • Opcode ID: 8f0e7a90c88d582a2df1d3482f2c18908ab2fca5040313b6182983b232bfa6ea
                                                                                                                                                                                                                                      • Instruction ID: d78ca74b0bbfa3139a1267c5760f6b5507699d647227b4f182949d3862022590
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8f0e7a90c88d582a2df1d3482f2c18908ab2fca5040313b6182983b232bfa6ea
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FA218272F01635EACB21AE95CC40AAE3A79EB8579CB315359F81D5BB10C330ED41CB94

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 1613 6ce3c057-6ce3c06d call 6ce3ca10 call 6ce3c6f3 1618 6ce3c073-6ce3c08b call 6ce3c5f8 1613->1618 1619 6ce3c144 1613->1619 1623 6ce3c091-6ce3c0a2 call 6ce3c655 1618->1623 1624 6ce3c156-6ce3c15d call 6ce3c892 1618->1624 1621 6ce3c146-6ce3c155 1619->1621 1629 6ce3c0f1-6ce3c0ff call 6ce3c13a 1623->1629 1630 6ce3c0a4-6ce3c0bd call 6ce3c9b5 call 6ce3c573 call 6ce3c597 call 6ce3f11e 1623->1630 1629->1619 1635 6ce3c101-6ce3c10b call 6ce3c88c 1629->1635 1647 6ce3c0c2-6ce3c0c6 1630->1647 1641 6ce3c10d-6ce3c116 call 6ce3c7b3 1635->1641 1642 6ce3c12c-6ce3c135 1635->1642 1641->1642 1648 6ce3c118-6ce3c12a 1641->1648 1642->1621 1647->1629 1649 6ce3c0c8-6ce3c0cf call 6ce3c62a 1647->1649 1648->1642 1649->1629 1653 6ce3c0d1-6ce3c0ee call 6ce3f0d9 1649->1653 1653->1629
APIs
• __RTC_Initialize.LIBCMT ref: 6CE3C0A4
  • Part of subcall function 6CE3C573: InitializeSListHead.KERNEL32(6CE9BC50,6CE3C0AE,6CE4D8C0,00000010,6CE3C03F,?,?,?,6CE3C267,?,00000001,?,?,00000001,?,6CE4D908), ref: 6CE3C578
• ___scrt_is_nonwritable_in_current_image.LIBCMT ref: 6CE3C10E
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
• Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
• API ID: Initialize$HeadList___scrt_is_nonwritable_in_current_image
• String ID:
• API String ID: 3231365870-0
• Opcode ID: e215b8e3734d52f67f0b1274002137c2053cc50ad7d880d654f27d2186478812
• Instruction ID: c47b27de15db57729bc8cd2895ca4ce970a01e057dd8240f27118735f9438d1f
• Opcode Fuzzy Hash: e215b8e3734d52f67f0b1274002137c2053cc50ad7d880d654f27d2186478812
• Instruction Fuzzy Hash: 6221CF327042719EDB107BB898007D937719F0636CF30664FD49967B82CB26B188D6A5

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 1656 6ce4075e-6ce40769 1657 6ce40777-6ce4077d 1656->1657 1658 6ce4076b-6ce40775 1656->1658 1660 6ce40796-6ce407a7 RtlAllocateHeap 1657->1660 1661 6ce4077f-6ce40780 1657->1661 1658->1657 1659 6ce407ab-6ce407b6 call 6ce4074b 1658->1659 1665 6ce407b8-6ce407ba 1659->1665 1662 6ce40782-6ce40789 call 6ce4309d 1660->1662 1663 6ce407a9 1660->1663 1661->1660 1662->1659 1669 6ce4078b-6ce40794 call 6ce3f02a 1662->1669 1663->1665 1669->1659 1669->1660
APIs
• RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6CE404C9,00000001,00000364,FFFFFFFF,000000FF,?,00000001,6CE40750,6CE4068D,?,?,6CE3FB79), ref: 6CE4079F
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
• Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: deb0401446ca4138d27dafcaf3466e23af74e0cb587ae0fe2f49720afa388feb
• Instruction ID: 2b5cb2b41a894982b68e7a684c4c1b8b9659782e650aacc7f5351c8b2c03f763
• Opcode Fuzzy Hash: deb0401446ca4138d27dafcaf3466e23af74e0cb587ae0fe2f49720afa388feb
• Instruction Fuzzy Hash: C2F0BB3164176456BB117A26AC4CE4B3F749F5277DF34C135E818D7E80CB24D4018DA2

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 1802 6ce0c260-6ce0c351 call 6ce1c350 * 2 call 6ce0a780 call 6ce1c350 * 3 1815 6ce0c358-6ce0c363 1802->1815 1816 6ce0c369-6ce0c376 1815->1816 1817 6ce0ce0a-6ce0ce11 1815->1817 1820 6ce0cb38-6ce0ce05 call 6ce0b520 call 6ce1c350 call 6ce02450 call 6ce03710 call 6ce04770 call 6ce1cc50 call 6ce1c350 * 2 call 6ce059d0 call 6ce07ae0 call 6ce1c350 call 6ce07e30 call 6ce1c350 1816->1820 1821 6ce0c37c-6ce0c389 1816->1821 1819 6ce0d35d 1817->1819 1819->1815 1820->1819 1824 6ce0c4fb-6ce0c544 1821->1824 1825 6ce0c38f-6ce0c39c 1821->1825 1824->1819 1829 6ce0c3a2-6ce0c3af 1825->1829 1830 6ce0d0f7-6ce0d356 call 6ce0b520 call 6ce1c350 call 6ce02450 call 6ce03710 call 6ce04770 call 6ce1cc50 call 6ce1c350 * 2 call 6ce059d0 call 6ce07ae0 call 6ce1c350 call 6ce07e30 call 6ce1c350 1825->1830 1836 6ce0c3b5-6ce0c3c2 1829->1836 1837 6ce0c98e-6ce0c995 1829->1837 1830->1819 1843 6ce0c7f2-6ce0c860 1836->1843 1844 6ce0c3c8-6ce0c3d5 1836->1844 1837->1819 1843->1819 1850 6ce0cac5-6ce0cb33 1844->1850 1851 6ce0c3db-6ce0c3e8 1844->1851 1850->1819 1857 6ce0c871-6ce0c8b2 1851->1857 1858 6ce0c3ee-6ce0c3fb 1851->1858 1857->1819 1865 6ce0c401-6ce0c40e 1858->1865 1866 6ce0ca53-6ce0cac4 call 6ce01500 call 6ce1cc50 call 6ce3bf90 1858->1866 1874 6ce0c490-6ce0c4f6 1865->1874 1875 6ce0c414-6ce0c421 1865->1875 1874->1819 1880 6ce0c865-6ce0c86c 1875->1880 1881 6ce0c427-6ce0c434 1875->1881 1880->1819 1891 6ce0c549-6ce0c7ed call 6ce0b520 call 6ce1c350 call 6ce02450 call 6ce03710 call 6ce04770 call 6ce1cc50 call 6ce1c350 * 2 call 6ce059d0 call 6ce07ae0 call 6ce1c350 call 6ce07e30 call 6ce1c350 1881->1891 1892 6ce0c43a-6ce0c447 1881->1892 1891->1819 1900 6ce0c8b7-6ce0c989 call 6ce09400 call 6ce1c350 * 2 1892->1900 1901 6ce0c44d-6ce0c45a 1892->1901 1900->1819 1910 6ce0c460-6ce0c46d 1901->1910 1911 6ce0ce16-6ce0d07c call 6ce0b520 call 6ce1c350 call 6ce02450 call 6ce03710 call 6ce04770 call 6ce1cc50 call 6ce1c350 * 2 call 6ce059d0 call 6ce07ae0 call 6ce1c350 call 6ce07e30 call 6ce1c350 1901->1911 1924 6ce0d081-6ce0d0f2 call 6ce09400 call 6ce1c350 * 2 1910->1924 1925 6ce0c473-6ce0c480 1910->1925 1911->1819 1924->1819 1937 6ce0c486-6ce0c48b 1925->1937 1938 6ce0c99a-6ce0ca4e call 6ce01020 call 6ce1c350 * 2 1925->1938 1937->1819 1938->1819
Strings
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
• Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
• API ID:
• String ID: `v@$argpgaiejngngggrjecearrbcrarkev$gswg$iblaixcqzyyfwfwsdkbrquxethcjibvfcosihbjyemckfoeqatmfsktjmjaiznspbxg$laqxkqcpfyvpakmoyctaiwbatatssaylldhvrbchranhq$ocdxlonrhtobxzbmmppsktncfvbqheqvmuejpgo$ppzlpxpapvbtobg$qejqyjepcouskwewghglymcuckfthzk$uyepcskxzkmblyhryyxanwlmrjrrk
• API String ID: 0-1589591847
• Opcode ID: 5b874f38eff1c985e1465bdbdf8798653018fd708ceeee2ca5f846d62727a81d
• Instruction ID: 48569bdba6a7469b407e333e3a3ecefd4f6cae502c6aae7543babef2e50d1200
• Opcode Fuzzy Hash: 5b874f38eff1c985e1465bdbdf8798653018fd708ceeee2ca5f846d62727a81d
• Instruction Fuzzy Hash: B2A29BB0A102448FEB04EF68C999B9EBBF1BB06308F158198C4199F762D7759C59CFD2

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      control_flow_graph 1993 6ce33150-6ce3315e 1994 6ce33165-6ce33170 1993->1994 1995 6ce33176-6ce33183 1994->1995 1996 6ce334e9-6ce3352a 1994->1996 1999 6ce334a3-6ce334e4 1995->1999 2000 6ce33189-6ce33196 1995->2000 1997 6ce33850 1996->1997 1997->1994 1999->1997 2002 6ce3352f-6ce33578 2000->2002 2003 6ce3319c-6ce331a9 2000->2003 2002->1997 2005 6ce335f0-6ce3366b call 6ce3cd60 2003->2005 2006 6ce331af-6ce331bc 2003->2006 2005->1997 2010 6ce331c2-6ce331cf 2006->2010 2011 6ce337f4-6ce337fb 2006->2011 2013 6ce331d5-6ce331e2 2010->2013 2014 6ce3330f-6ce3337d 2010->2014 2011->1997 2016 6ce33800-6ce33807 2013->2016 2017 6ce331e8-6ce331f5 2013->2017 2014->1997 2016->1997 2019 6ce33790-6ce337ab call 6ce3d4ac 2017->2019 2020 6ce331fb-6ce33208 2017->2020 2024 6ce33784-6ce3378b 2020->2024 2025 6ce3320e-6ce3321b 2020->2025 2024->1997 2027 6ce33221-6ce3322e 2025->2027 2028 6ce3380c-6ce33841 call 6ce3cd60 2025->2028 2031 6ce333d6-6ce3341f 2027->2031 2032 6ce33234-6ce33241 2027->2032 2028->1997 2031->1997 2035 6ce33247-6ce33254 2032->2035 2036 6ce33735-6ce3377f 2032->2036 2038 6ce33382-6ce333d1 2035->2038 2039 6ce3325a-6ce33267 2035->2039 2036->1997 2038->1997 2041 6ce337ae-6ce337b5 2039->2041 2042 6ce3326d-6ce3327a 2039->2042 2041->1997 2044 6ce33280-6ce3328d 2042->2044 2045 6ce336e7-6ce33730 2042->2045 2047 6ce33293-6ce332a0 2044->2047 2048 6ce33424-6ce33492 2044->2048 2045->1997 2050 6ce332a6-6ce332b3 2047->2050 2051 6ce3357d-6ce335eb 2047->2051 2048->1997 2053 6ce33670-6ce336d6 2050->2053 2054 6ce332b9-6ce332c6 2050->2054 2051->1997 2053->1997 2056 6ce336db-6ce336e2 2054->2056 2057 6ce332cc-6ce332d9 2054->2057 2056->1997 2059 6ce33497-6ce3349e 2057->2059 2060 6ce332df-6ce332ec 2057->2060 2059->1997 2062 6ce332f2-6ce332ff 2060->2062 2063 6ce33846-6ce33849 
2060->2063 2065 6ce33305-6ce3330a 2062->2065 2066 6ce337ba-6ce337ef call 6ce3cd60 2062->2066 2063->1997 2065->1997 2066->1997
Strings
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
• Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
• API ID:
• String ID: ,uH/$,uH/$@wl`Ql$tj'}$tj'}
• API String ID: 0-3315678848
• Opcode ID: 8864e22e5bb9581ed41ab36cfe6d77c1cdf5aa78d05e00b194bbbb9148019c25
• Instruction ID: 3f7d8653119978d75f9671bcd6f36b87e05561df8ca22b4ee86a0132793afeb4
• Opcode Fuzzy Hash: 8864e22e5bb9581ed41ab36cfe6d77c1cdf5aa78d05e00b194bbbb9148019c25
• Instruction Fuzzy Hash: 4CF10472B441218FDF04CE7CD5957DE77F2AB47358F20621AD919EB784C22AA90BCB05
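The Memory Dump Source entries above name each dump with eight dotted fields. The report does not document them, so the following parser is an added example, not part of the Joe Sandbox report or its tooling. It assumes that the fourth field is the region base address, the fifth the page protection and the seventh the region type, all in hex; that reading is consistent with the five dumps listed here (the PE header at 6CE00000 read-only, the 6CE01000 code region execute-read, the 6CE4F000 region read-write, all of type MEM_IMAGE), but it remains an assumption, and the other fields are left undecoded. The PAGE_* and MEM_* values are the documented Windows constants. The sample dump names are constructed from the lines above.

```python
"""Decode Joe Sandbox memory-dump file names.

A dump name on this page looks like
  00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp
The report does not document the eight dotted fields; this parser ASSUMES
field 4 is the region base address, field 5 the page protection and
field 7 the region type (all hex). That is consistent with the five dumps
listed for this module (header read-only, 6CE01000 execute-read,
6CE4F000 read-write, all MEM_IMAGE) but is an inference, not documentation.
The constants themselves are the documented winnt.h values.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Tuple

PAGE_PROTECTION = {
    0x01: "PAGE_NOACCESS",
    0x02: "PAGE_READONLY",
    0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY",
    0x10: "PAGE_EXECUTE",
    0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE",
    0x80: "PAGE_EXECUTE_WRITECOPY",
}
PAGE_MODIFIERS = ((0x100, "PAGE_GUARD"), (0x200, "PAGE_NOCACHE"), (0x400, "PAGE_WRITECOMBINE"))
MEM_TYPE = {0x01000000: "MEM_IMAGE", 0x00040000: "MEM_MAPPED", 0x00020000: "MEM_PRIVATE"}
_EXEC_MASK = 0x10 | 0x20 | 0x40 | 0x80
_WRITE_MASK = 0x04 | 0x08 | 0x40 | 0x80


@dataclass(frozen=True)
class DumpRegion:
    fields: Tuple[str, ...]   # all eight raw fields, kept for the ones not decoded
    base: int
    protection: int
    mem_type: int

    @property
    def protection_name(self) -> str:
        name = PAGE_PROTECTION.get(self.protection & 0xFF, f"0x{self.protection & 0xFF:02x}")
        for bit, mod in PAGE_MODIFIERS:
            if self.protection & bit:
                name += "|" + mod
        return name

    @property
    def type_name(self) -> str:
        return MEM_TYPE.get(self.mem_type, f"0x{self.mem_type:08x}")

    @property
    def executable(self) -> bool:
        return bool(self.protection & _EXEC_MASK)

    @property
    def writable(self) -> bool:
        return bool(self.protection & _WRITE_MASK)


def parse_dump_name(name: str) -> DumpRegion:
    """Split a .sdmp file name (optionally with a path) into a DumpRegion."""
    stem = name.replace("\\", "/").rsplit("/", 1)[-1]
    if not stem.endswith(".sdmp"):
        raise ValueError(f"not a .sdmp dump name: {name!r}")
    fields = tuple(stem[: -len(".sdmp")].split("."))
    if len(fields) != 8 or not all(re.fullmatch(r"[0-9A-Fa-f]+", f) for f in fields):
        raise ValueError(f"unexpected dump name layout: {name!r}")
    # Field positions are the assumption described in the module docstring.
    return DumpRegion(fields=fields, base=int(fields[3], 16),
                      protection=int(fields[4], 16), mem_type=int(fields[6], 16))


def region_map(names: Iterable[str]) -> List[DumpRegion]:
    """Dumps ordered by base address, so a module's dumps read like its section table."""
    return sorted((parse_dump_name(n) for n in names), key=lambda r: r.base)


def wx_regions(regions: Iterable[DumpRegion]) -> List[DumpRegion]:
    """Regions both writable and executable: where unpacked or injected code tends to live."""
    return [r for r in regions if r.writable and r.executable]


# Constructed input: the five dump names the report lists for the module at 6CE00000.
SAMPLE_DUMPS = [
    "00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp",
    "00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmp",
    "00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmp",
    "00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmp",
    "00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmp",
]

if __name__ == "__main__":
    regions = region_map(SAMPLE_DUMPS)
    for r in regions:
        print(f"{r.base:#010x}  {r.protection_name:<24} {r.type_name}")
    print("W+X regions:", [f"{r.base:#x}" for r in wx_regions(regions)])
```

Run against the five names above, the map comes out as a read-only header page, one execute-read region and one read-write region, all MEM_IMAGE, with no region that is both writable and executable; a writable-and-executable MEM_PRIVATE dump in the same listing is the one to pull first when looking for an unpacked payload.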
Strings
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
• Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
• API ID:
• String ID: +j-v$i`+-$i`+-$sO(&$sO(&
• API String ID: 0-4217193815
• Opcode ID: 6346de9e5d38ceab044fb8f687fce0f8cfbaab55f134e29d7315d32e89381a68
• Instruction ID: 08f881086a895872b52dfff9d4ec81d70e96b54943b1dbaa0051fef43ed6155e
• Opcode Fuzzy Hash: 6346de9e5d38ceab044fb8f687fce0f8cfbaab55f134e29d7315d32e89381a68
• Instruction Fuzzy Hash: AA13CD36A482428FDB18CE7CC9D57CD7BF2AB57324F30911AD412DBB95C63A995A8F00
Strings
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
• Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
• API ID:
• String ID: @wl`Ql$d"D`$d"D`
• API String ID: 0-2129895665
• Opcode ID: a59fc45cd1ae2ddc2e2c0326697c6d1c12bf3b398faf4087e07fc03d163cf323
• Instruction ID: 502e14313d486772619a035b6750b107711b06a0dddc38703d71e381b7a7eb01
• Opcode Fuzzy Hash: a59fc45cd1ae2ddc2e2c0326697c6d1c12bf3b398faf4087e07fc03d163cf323
• Instruction Fuzzy Hash: 57E10472B406218FDF04CD7CC5953EE77F2AB87324F30661B9929EBB94C22A954AC740
Strings
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
• Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
• API ID:
• String ID: D<$OtqW$eS6{$o~$p
• API String ID: 0-2376022101
• Opcode ID: bcb91609f3c4c6161261bf05c2af6d7b9ef30dae2c61c09d7fc335ba683fa09e
• Instruction ID: d6624dd74c1b4b6e1f65ae95ee79023d354df56da0f09e92f8c4b8b3aa81f8a3
• Opcode Fuzzy Hash: bcb91609f3c4c6161261bf05c2af6d7b9ef30dae2c61c09d7fc335ba683fa09e
• Instruction Fuzzy Hash: 05F2E436B541218FDB089EBCD9E53DE77F2AB47365F30621AD815DBB94C12A980BCB01
APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 6CE3EE74
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 6CE3EE7E
• UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 6CE3EE8B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
• Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID: ,(l
• API String ID: 3906539128-2418728688
• Opcode ID: 33fd09247d84080e56209ad2888bc5a69edd478a83c5f0ae1765161fc2a45a15
• Instruction ID: 6b48da007c299e9f9588b9660f8466fe61e2e42ade3f7fbfcc165bdb9570d67b
• Opcode Fuzzy Hash: 33fd09247d84080e56209ad2888bc5a69edd478a83c5f0ae1765161fc2a45a15
• Instruction Fuzzy Hash: C231B37591122C9BCB21DF65D9887CDBBB8BF08714F6052DAE41CA7290E770AB85CF84
Strings
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
• Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
• API ID:
• String ID: Fbl[$Fbl[$p%l$p%l
• API String ID: 0-1171640109
• Opcode ID: 145d6f647a6ac4821e9e6986c2baf714b6e1d74f5eaa8a220af7c5062765c940
• Instruction ID: 53c205939e44cd5a64910bc22803e1bf06247a3e3283bb171b9989529870ff44
• Opcode Fuzzy Hash: 145d6f647a6ac4821e9e6986c2baf714b6e1d74f5eaa8a220af7c5062765c940
• Instruction Fuzzy Hash: 6FC2FF36B412048FDF08DEBCC5917DD7BF2AB87358F20511AE811EB798C63E990A8B01
Strings
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
• Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
• API ID:
• String ID: +i$+i$'n?!$'n?!
• API String ID: 0-1444486995
• Opcode ID: d44eccc6cdaf40f3aec2b43ddea3adcb914a2b417a5337fccdbaf512a6a6a058
• Instruction ID: bbd6fbb97f914f25588b935d1a7641175d846bc51e52735ee4de9e6db0e34ae3
• Opcode Fuzzy Hash: d44eccc6cdaf40f3aec2b43ddea3adcb914a2b417a5337fccdbaf512a6a6a058
• Instruction Fuzzy Hash: B792D036B805209FCF08DD7CE5E53DD37F3AB43369F20A615D819DBB94D22A990ACA11
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 6CE3C89E
                                                                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 6CE3C96A
                                                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6CE3C98A
                                                                                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(?), ref: 6CE3C994
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 254469556-0
                                                                                                                                                                                                                                      • Opcode ID: 4ac392d0bdc026926186e3b8cda77752e3db3cfea0f2481e7b984d4937f2d47f
                                                                                                                                                                                                                                      • Instruction ID: 6faef713bdf915cef8dab59cc1cb2929fe95a6acbfe3d312b04ac9a91afe3466
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4ac392d0bdc026926186e3b8cda77752e3db3cfea0f2481e7b984d4937f2d47f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F4313C75E0522CDBDB21EFA0D9497CDBBB8BF04308F10519AE40DA7240EB709A85CF45
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: OKV9$OKV9$o:2$o:2
                                                                                                                                                                                                                                      • API String ID: 0-212562071
                                                                                                                                                                                                                                      • Opcode ID: 772c625f2a720189c0d93cb535c2265f95ec3b18cb699c2cc46aceba79ec09c3
                                                                                                                                                                                                                                      • Instruction ID: ba093edf4f40d3158b1fcc29a3ff6f2ea5bd078cf21963c36cbd48bc052d6897
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 772c625f2a720189c0d93cb535c2265f95ec3b18cb699c2cc46aceba79ec09c3
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4B42D236F446118FCB08CE7CD9963DD37F2AB46355F20B116E42AD7B94C62AA90ACF14
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: 'Eah$'Eah$T\g9$T\g9
                                                                                                                                                                                                                                      • API String ID: 0-1666356655
                                                                                                                                                                                                                                      • Opcode ID: d04f7a20e575649c113968032acb6bc3d0a45e8315cebc3c4a7350c0a47b8eae
                                                                                                                                                                                                                                      • Instruction ID: 6ae58af9bb4a8b3b1033bfd01e57a45113d358e72fecef1321500f6a0195a0b8
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d04f7a20e575649c113968032acb6bc3d0a45e8315cebc3c4a7350c0a47b8eae
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0C22297AB482018FCF06DE7CD5957DE7BF2AB87314F30551AD911DBF94C22A8A0A8B14
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: e4ccd646e335032556c31733cff3ff4c790017c76238295c45f36782d7402769
                                                                                                                                                                                                                                      • Instruction ID: 1a7ee2f6dc12b9e308dea3be37df38674075983df96dfa8cb75a2f118ef37b46
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e4ccd646e335032556c31733cff3ff4c790017c76238295c45f36782d7402769
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EC223632B502158FCF089E7CC9E53DD7BF2AB87368F306219D411EB795D62E890A8B54
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: o:}0$o:}0$H5Y
                                                                                                                                                                                                                                      • API String ID: 0-3873439405
                                                                                                                                                                                                                                      • Opcode ID: 6161b07c9b01c59bcb3327a68535ae6f3491d01bd84712d4203f1ced28fad357
                                                                                                                                                                                                                                      • Instruction ID: ac757af055253840512601408646bbfde1f0d3eb2c027144148c440e383b4640
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6161b07c9b01c59bcb3327a68535ae6f3491d01bd84712d4203f1ced28fad357
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 01A22536B452558FDF08CEBCD9943DD7BF6FB4B358F209619D415DBB68C22A880A8B01
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: @wl`Ql$h4/$h4/
                                                                                                                                                                                                                                      • API String ID: 0-1029419929
APIs
• GetCurrentProcess.KERNEL32(?,?,6CE3F461,?,00000001,?,?), ref: 6CE3F484
• TerminateProcess.KERNEL32(00000000,?,6CE3F461,?,00000001,?,?), ref: 6CE3F48B
• ExitProcess.KERNEL32 ref: 6CE3F49D
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
• API ID:
• String ID: 3#l$R<C$R<C
• API String ID: 0-522363035
Strings
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
• API ID:
• String ID: 'J-B$O#4,
• API String ID: 0-284258520
Strings
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
• API ID:
• String ID: E_=H$E_=H
• API String ID: 0-959526469
Strings
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
• API ID:
• String ID: ,eq$i/'
• API String ID: 0-874911227
Strings
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
• API ID:
• String ID: )5\l$)5\l
• API String ID: 0-132399245
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: P(E$P(E
                                                                                                                                                                                                                                      • API String ID: 0-1669364682
                                                                                                                                                                                                                                      • Opcode ID: 40b700bfa4e690344cde4e45e93a9e13daea08aebfeed592485ff5b3100fd0d2
                                                                                                                                                                                                                                      • Instruction ID: 1018e99b0141122bc32ce0cc5189e8102f17015d0ebec2fd00c716294032948b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 40b700bfa4e690344cde4e45e93a9e13daea08aebfeed592485ff5b3100fd0d2
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 323202767485418FCF089D7CC9D53EE3BF2AB87364F305119D421DBF94D22E8A0A8A90
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: tO,b$tO,b
                                                                                                                                                                                                                                      • API String ID: 0-3347952807
                                                                                                                                                                                                                                      • Opcode ID: 88b3d1a2932287a8a65005b13f95ec7077889ef23a872cd45ac92400b2c9a527
                                                                                                                                                                                                                                      • Instruction ID: e6061180e45deb57308b514770620580dfa63c80a93db5d0eb72daa64f6e62ed
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 88b3d1a2932287a8a65005b13f95ec7077889ef23a872cd45ac92400b2c9a527
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 17320372B482058FCF08EE7CD5917DE7BF2AB4A314F20852AD412E7B54CA39990ACF55
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: p}i<$F
                                                                                                                                                                                                                                      • API String ID: 0-3465379454
                                                                                                                                                                                                                                      • Opcode ID: 025f511d8484a06f335f779b6d5618e11c1b4f99f3ef34f31542ed894486b8a6
                                                                                                                                                                                                                                      • Instruction ID: c45428debf48aee3e43b07f0db5c12930ad1078f50142f2ef72e48098a35638e
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 025f511d8484a06f335f779b6d5618e11c1b4f99f3ef34f31542ed894486b8a6
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1122FB7AB502558FDF04DE7CC8D17EE77F2AB57364F20921AD915D7B90C22A990ACB00
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: VxV$VxV
                                                                                                                                                                                                                                      • API String ID: 0-1435218220
                                                                                                                                                                                                                                      • Opcode ID: 8de0db6196b6f6cd212475818b4f960401f351811eeacb1e8905a71f015398a3
                                                                                                                                                                                                                                      • Instruction ID: f160be792aa192ad622c2c4f414be3bb7f43af64fd8278f3cb022b82466d8c69
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8de0db6196b6f6cd212475818b4f960401f351811eeacb1e8905a71f015398a3
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3002E036B442098FCB08CEBCD9957EE77F2AB47315F21511AD811E7744C62F8E0A9B15
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: TF>.$TF>.
                                                                                                                                                                                                                                      • API String ID: 0-2056618758
                                                                                                                                                                                                                                      • Opcode ID: 7ba0d7700c30090d689f15ea041d660065e43ca144d5de01da113ad7d89e1fd3
                                                                                                                                                                                                                                      • Instruction ID: 3525622f7fe09d9581384cae3a8e2c976151046126973d72a1ad07d9c451949f
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7ba0d7700c30090d689f15ea041d660065e43ca144d5de01da113ad7d89e1fd3
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 31F12836B489118FDF089DBCC5D93DD7BF2AB8B324F345519E411E7F90D22A880A8B94
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: EhIB$EhIB
                                                                                                                                                                                                                                      • API String ID: 0-2233933190
                                                                                                                                                                                                                                      • Opcode ID: a825bf00e0a589bbc3b8eccee74d2b1abca1d6be1c3e7d5c825035b636193b55
                                                                                                                                                                                                                                      • Instruction ID: d2ed4db388b29c95d02c59465f064e3de3b398dd41f3c2c9b443f5f94a5a12bb
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a825bf00e0a589bbc3b8eccee74d2b1abca1d6be1c3e7d5c825035b636193b55
• Instruction Fuzzy Hash: BFE1C076B842058FDF04DEBCD5953DE7BF2AB4A318F209519E421EB791C22E990ACF50
Strings
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
• Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
• API ID:
• String ID: 7!u$7!u
• API String ID: 0-2406978722
• Opcode ID: 046d24205f7fa3ecfeb53e17ed651f21ffdedec6a5dca96d0344b4a9003f6307
• Instruction ID: 130d10c7a23859b61a7f135694cb5f148b6f8bc4c6da42d062a63601ab3b7576
• Opcode Fuzzy Hash: 046d24205f7fa3ecfeb53e17ed651f21ffdedec6a5dca96d0344b4a9003f6307
• Instruction Fuzzy Hash: D5C1F376F442458FCF04CE7CC5957DE7BF2AB4B354F208116D822EB790D62E890A8B1A
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: bad array new length
                                                                                                                                                                                                                                      • API String ID: 0-1242854226
                                                                                                                                                                                                                                      • Opcode ID: ff5b7a5e4b9fc0013f745ef343572d6a8f9b0a10df53d461fbb43375efd0073c
                                                                                                                                                                                                                                      • Instruction ID: f40d38cbce4313ad2a8d49aa3b6ebd4f3cdc5f7364ed306942da2d23a8720031
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ff5b7a5e4b9fc0013f745ef343572d6a8f9b0a10df53d461fbb43375efd0073c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3D120436F442118FCF04DE7CC9993DE3BF2AB57358F30A11AD4659B795C22A5A0ACB90
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: _k
                                                                                                                                                                                                                                      • API String ID: 0-1815099553
                                                                                                                                                                                                                                      • Opcode ID: b159df2a1cbb55244e6811fe5056e808e83cab673d7e85ee134f3c47c98d6cda
                                                                                                                                                                                                                                      • Instruction ID: f6b58db13a91749a753b203a638cfafc2bd38546d465059035007cc1dd64720d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b159df2a1cbb55244e6811fe5056e808e83cab673d7e85ee134f3c47c98d6cda
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C812D076B801058FEB04EE6CD5D63DD7BF2AB4B324F34651AD411EB794C22EC84A8B50
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: UVL
                                                                                                                                                                                                                                      • API String ID: 0-1545186319
                                                                                                                                                                                                                                      • Opcode ID: 82f39d32e3afa40df08a21f3ad57af9485866264d2689ea0460a7477cba00e19
                                                                                                                                                                                                                                      • Instruction ID: 550df0d8fed3e32dffc6649e1472af813c95b69b95f76c7ab3330389d7c9138c
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 82f39d32e3afa40df08a21f3ad57af9485866264d2689ea0460a7477cba00e19
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8512CE36F642058FCB04CE7CD9D5BDD7BF2AB46315F305219E812DB794D22E990A8B11
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,6CE46A4C,?,?,00000008,?,?,6CE466E4,00000000), ref: 6CE46C7E
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ExceptionRaise
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3997070919-0
                                                                                                                                                                                                                                      • Opcode ID: 422e1507489a5da9031f0d3f328eb625f266a9313e5ffb790fa3c4d48cd93a57
                                                                                                                                                                                                                                      • Instruction ID: 34e76f4e90923bdc43aa1ebf93d2d5bac6430edc6979b2192e3d1e16b362552d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 422e1507489a5da9031f0d3f328eb625f266a9313e5ffb790fa3c4d48cd93a57
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 55B103316216088FDB05CF28D486B997BB4FB45369F35C658E8A9CF6A1C335E992CB40
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: *-4
                                                                                                                                                                                                                                      • API String ID: 0-880298536
                                                                                                                                                                                                                                      • Opcode ID: c9c8f25bc80684a0caa83e968a005f3675930176e946998f13f3686e60a6f781
                                                                                                                                                                                                                                      • Instruction ID: 6695c43a315002a44ecdac4ae1ee7ffb11cece9e969d32bcc9e466e4e7ee2bf2
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c9c8f25bc80684a0caa83e968a005f3675930176e946998f13f3686e60a6f781
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: ADD1073AB442418FCF04CE7CC5953DE7BF2AB47325F349115D821E77A8C72A9A1A8B64
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: J>#
                                                                                                                                                                                                                                      • API String ID: 0-3736109351
                                                                                                                                                                                                                                      • Opcode ID: 82f5f1bb94a9a9135cb619e0668f5e156fb44c07685679271637768b83629a06
                                                                                                                                                                                                                                      • Instruction ID: f210fe422a094b2b94ef801af2b79bf26eed98c742800c3a87a3c92654838a8c
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 82f5f1bb94a9a9135cb619e0668f5e156fb44c07685679271637768b83629a06
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C8D1E436F455428FCF089D7CC5953EE77FAAB43364F3093268825DB794D12E4A0A8B91
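The per-function records in this listing are easier to triage as structured data than as a wall of bullets: one record per dumped function, ending at its Instruction Fuzzy Hash line, with optional Strings/APIs items in front of the next Memory Dump Source header, and the same dump files repeated for every function with a "Download File" link glued to each name. The parser below is an added example written for this page, not Joe Sandbox code and not part of the report. Its sample input is a constructed copy of three records from this listing (one Associated line is repeated on purpose to show de-duplication); the record layout it assumes is the one visible here. It also decodes the two raw constants the listing's API lines carry: 0xC000000D is STATUS_INVALID_PARAMETER (ntstatus.h) and 0x0A is PF_XMMI64_INSTRUCTIONS_AVAILABLE, the SSE2 feature query (winnt.h). Together with the string "bad array new length", the what() text of the C++ standard library's std::bad_array_new_length, that is the editor's reading of these functions as runtime-library code rather than stealer logic, which is exactly the kind of call an analyst wants to answer before spending time in IDA; the RVA the code derives (call-site address minus the dump's Offset) is what to jump to in the hcaresult snapshot.

```python
"""Parse Joe Sandbox per-function similarity records (added example, not part
of the report).  One record per function: optional "Strings"/"APIs" items, then
"Memory Dump Source", "Joe Sandbox IDA Plugin" and "Similarity" bullet lists,
ending at the "Instruction Fuzzy Hash" bullet."""
import re
from dataclasses import dataclass, field

BULLET = "\u2022"
HEADERS = {"Strings", "APIs", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

# e.g. "RaiseException.KERNEL32(C000000D,00000000,...), ref: 6CE46C7E"
API_RE = re.compile(
    r"^(?P<name>\w+)\.(?P<module>[\w.]+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)

# Names for the two raw constants in the listing's API lines (Windows SDK
# headers ntstatus.h and winnt.h).
NTSTATUS_NAMES = {0xC000000D: "STATUS_INVALID_PARAMETER"}
PROCESSOR_FEATURES = {0x0A: "PF_XMMI64_INSTRUCTIONS_AVAILABLE"}

# Constructed sample input: three records copied from this listing, one
# Associated line repeated on purpose to exercise de-duplication.
SAMPLE = """\
Strings
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
• Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
• Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
• API ID:
• String ID: bad array new length
• API String ID: 0-1242854226
• Opcode ID: ff5b7a5e4b9fc0013f745ef343572d6a8f9b0a10df53d461fbb43375efd0073c
• Instruction ID: f40d38cbce4313ad2a8d49aa3b6ebd4f3cdc5f7364ed306942da2d23a8720031
• Opcode Fuzzy Hash: ff5b7a5e4b9fc0013f745ef343572d6a8f9b0a10df53d461fbb43375efd0073c
• Instruction Fuzzy Hash: 3D120436F442118FCF04DE7CC9993DE3BF2AB57358F30A11AD4659B795C22A5A0ACB90
APIs
• RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,6CE46A4C,?,?,00000008,?,?,6CE466E4,00000000), ref: 6CE46C7E
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
• API ID: ExceptionRaise
• String ID:
• API String ID: 3997070919-0
• Opcode ID: 422e1507489a5da9031f0d3f328eb625f266a9313e5ffb790fa3c4d48cd93a57
• Instruction ID: 34e76f4e90923bdc43aa1ebf93d2d5bac6430edc6979b2192e3d1e16b362552d
• Opcode Fuzzy Hash: 422e1507489a5da9031f0d3f328eb625f266a9313e5ffb790fa3c4d48cd93a57
• Instruction Fuzzy Hash: 55B103316216088FDB05CF28D486B997BB4FB45369F35C658E8A9CF6A1C335E992CB40
APIs
• IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 6CE3CA6E
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
"""


@dataclass
class ApiCall:
    name: str
    module: str
    args: list
    ref: int  # call-site address inside the dumped module


@dataclass
class FunctionRecord:
    fields: dict = field(default_factory=dict)   # Similarity / IDA-plugin bullets, by key
    strings: list = field(default_factory=list)
    apis: list = field(default_factory=list)
    sources: list = field(default_factory=list)  # dump files, link residue stripped, de-duplicated
    base: int = 0                                # module base from "Offset: ..."

    @property
    def complete(self):
        return "Instruction Fuzzy Hash" in self.fields


def parse_records(text):
    records, cur, section = [], FunctionRecord(), None
    for raw in text.splitlines():
        line = raw.strip()
        if line in HEADERS:
            section = line
            continue
        if not line.startswith(BULLET):
            continue
        item = line[len(BULLET):].strip()
        if section == "APIs":
            m = API_RE.match(item)
            if m:
                cur.apis.append(ApiCall(m["name"], m["module"],
                                        [a.strip() for a in m["args"].split(",")],
                                        int(m["ref"], 16)))
        elif section == "Strings":
            cur.strings.append(item)
        elif section == "Memory Dump Source" or item.startswith(("Source File:", "Associated:")):
            _, _, value = item.partition(":")
            value = value.strip().removesuffix("Download File").strip()  # interactive-page residue
            parts = [p.strip() for p in value.split(",")]
            if parts[0] not in cur.sources:
                cur.sources.append(parts[0])
            for p in parts[1:]:
                if p.startswith("Offset:"):
                    cur.base = int(p.split(":", 1)[1].strip(), 16)
        else:
            key, _, value = item.partition(":")
            cur.fields[key.strip()] = value.strip()
            if key.strip() == "Instruction Fuzzy Hash":  # last bullet of a record
                records.append(cur)
                cur, section = FunctionRecord(), None
    if cur.fields or cur.apis or cur.strings or cur.sources:
        records.append(cur)  # trailing record cut off by the page boundary
    return records


def describe_api(call, base):
    """Call with its first argument decoded and the RVA to look up in the IDA snapshot."""
    rva = call.ref - base
    val = int(call.args[0], 16) if call.args and call.args[0] else None
    if call.name == "RaiseException":
        what = NTSTATUS_NAMES.get(val, "unknown NTSTATUS")
    elif call.name == "IsProcessorFeaturePresent":
        what = PROCESSOR_FEATURES.get(val, "unknown feature")
    else:
        what = "first arg 0x%X" % val if val is not None else "no args"
    return f"{call.name}({what}) at rva 0x{rva:X}"


def opcode_id_mismatches(records):
    """Complete records whose Opcode ID differs from their Opcode Fuzzy Hash (none in this listing)."""
    return [r for r in records if r.complete
            and r.fields.get("Opcode ID") != r.fields.get("Opcode Fuzzy Hash")]


if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec.fields.get("String ID") or rec.fields.get("API ID") or "(partial)",
              [describe_api(c, rec.base) for c in rec.apis])
```

Feed it the text of a whole report section and the `sources` list collapses the five dump files repeated under every function to one entry each, while `opcode_id_mismatches` is a cheap sanity check that the Opcode ID column really is the Opcode Fuzzy Hash, as every record here shows.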
APIs
• IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 6CE3CA6E
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
• Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FeaturePresentProcessor
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2325560087-0
                                                                                                                                                                                                                                      • Opcode ID: 93a05c50ec47d9a7e96f4301acde4f45b15949a8ffaa0928fb9964dfba50c20a
                                                                                                                                                                                                                                      • Instruction ID: acfc7ae518612a952000449d818eae78e9c1c8098ee380a7a18319437a65b31a
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 93a05c50ec47d9a7e96f4301acde4f45b15949a8ffaa0928fb9964dfba50c20a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3A515FB1F012298BEB24DF59C58179AB7F0FB49318F20896AD419EB740E775E940CB50
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 2ddd0c17f81f45856ef9bd496d22b5f4d63651fac125964b470dcf9279261af0
                                                                                                                                                                                                                                      • Instruction ID: 7dd579d443238daf08d797e376df4149670f78b217cc853d1770fcc10dec09da
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2ddd0c17f81f45856ef9bd496d22b5f4d63651fac125964b470dcf9279261af0
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1E41A471804258AFDF10DF69DC88AEABBB8AF55308F2442EDE41DD3600D6349A858F50
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: <Am
                                                                                                                                                                                                                                      • API String ID: 0-446091913
                                                                                                                                                                                                                                      • Opcode ID: 771f6008a9bd038fd4723138c144c7d9c2b3d2729a9ad79d46f5d57d670c2ffd
                                                                                                                                                                                                                                      • Instruction ID: 4c709e0129c58a39f8489eb4516d3f90ca14c466813e9df74fd77b8e9662b16e
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 771f6008a9bd038fd4723138c144c7d9c2b3d2729a9ad79d46f5d57d670c2ffd
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3BC1BD76B481068FCB08DE7CC6943DE7BF3AB87358F249516D411E7F45D22E8A0A8B91
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: .4o
                                                                                                                                                                                                                                      • API String ID: 0-347971548
                                                                                                                                                                                                                                      • Opcode ID: 744a6902d898360aa609404636f974db79014712558586092522d5c03a2f791f
                                                                                                                                                                                                                                      • Instruction ID: b4496e86e720d8293a8b43fb4efe397334833aec8f190142c6c95ee3c5984401
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 744a6902d898360aa609404636f974db79014712558586092522d5c03a2f791f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6BD1EF72E44225DFCF08CE7CD6D57CD7BF2AB4A314F216219E819EBB50C629A906CB04
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: u%jd
                                                                                                                                                                                                                                      • API String ID: 0-2532191701
                                                                                                                                                                                                                                      • Opcode ID: 6478028c7b896438ca8021deb2ae26535ffded37ae1cc7749ff04033564e1174
                                                                                                                                                                                                                                      • Instruction ID: 829b96ae87eda3dcc3802e03c62dcd2571f2e5f4d602d2108bebf9771a8b2c9c
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6478028c7b896438ca8021deb2ae26535ffded37ae1cc7749ff04033564e1174
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BB81E272F081158FCB04CE7CD9917DEBBF1BB4A328F20461AE521EBB94C6359D068B95
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 6f210e43f66e96e82f5c8a73cd913ddaf4539e2d4bfb305ee9209278c9a8211f
                                                                                                                                                                                                                                      • Instruction ID: a148ca9451b95c4d423577ebf3de1c024628b47200e512b1506aeb52007cfecc
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f210e43f66e96e82f5c8a73cd913ddaf4539e2d4bfb305ee9209278c9a8211f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D762DF76B496048FCF08DEBCD5D93DE7BF2AB47314F245519E812DBF94C22A891A8B40
                                                                                                                                                                                                                                      Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
• Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e3a8bba87fba59b83baf62b40ce9d927dc37985ee10c2660ad373f50a11e5606
• Instruction ID: b5c0872d4206ee2bca0cd35ae2f0d1df65fa726140b3cef14db28dca192db2b4
• Opcode Fuzzy Hash: e3a8bba87fba59b83baf62b40ce9d927dc37985ee10c2660ad373f50a11e5606
• Instruction Fuzzy Hash: 7C12A176B406158FCF08CE7CD5953CD7BF2AB57324F20A617D829EB790C62A690ACB04
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 95f1a295eccd5c5494358330f2a6455fe195c443ae2b76a426b4bcd4bdb05c8b
                                                                                                                                                                                                                                      • Instruction ID: 5845a743c72da00d4a63ed62cef142a5216f0ac311ab9b778fcd94ca3cc457de
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 95f1a295eccd5c5494358330f2a6455fe195c443ae2b76a426b4bcd4bdb05c8b
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6B02EF77B512048FCF18CE7CD5953DE77F2AB4B358F30A11AE851EB794C62A990A8B40
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 4e0654a5f370ec69cce07496b8c311c17c0e98ad068256d8701c888fd926ea7b
                                                                                                                                                                                                                                      • Instruction ID: abad153bb7ce1b4ef70ebfa077aaaefa4ded5db6a0ef0202752451d54776af34
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4e0654a5f370ec69cce07496b8c311c17c0e98ad068256d8701c888fd926ea7b
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AB02E072B802458FCB08DEBCE9957ED7BF2AB4B314F209529E801EB754D63D9909CB41
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 7f59e8accfb8812907394a99f3fcdb4a2a51db1510d01a5597a2d9e8ee26f88e
                                                                                                                                                                                                                                      • Instruction ID: a3be76d1c4a213c04c775c3b18123cbd0aeec17fa48d41376c2fb19187a1399e
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7f59e8accfb8812907394a99f3fcdb4a2a51db1510d01a5597a2d9e8ee26f88e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 80D12972B825124FCF04DDBCC6953EE77F29B43325F309516D425D7B98D22E850A8B51
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: b400e316ecd6162a5bb3848f5beeba29bdcc8a200b3018149ce29a95769052bf
                                                                                                                                                                                                                                      • Instruction ID: c8a6622a2acea71bc55f6a33de08b8dec82d42d587df552c8538d5bd11f7a2d5
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b400e316ecd6162a5bb3848f5beeba29bdcc8a200b3018149ce29a95769052bf
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7AC10636B555168FCB089E7CC5D53EE37F29B83329F30A117D825DBB94C22E890A8B05
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 593a06440b8b8bb03fc9eb277904cf59f89bbe2120bd608891980aa093887117
                                                                                                                                                                                                                                      • Instruction ID: ef2ed8f46052dbba20d6f734ce6dc4a4c07785bca4020325999ca159ebcab501
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 593a06440b8b8bb03fc9eb277904cf59f89bbe2120bd608891980aa093887117
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8AC13773B902018FDF089E7CC8D93EE7BF6AB97329F30551AD4119BB94C52E450A8B50
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: d9a53329dd04ad6461b7899dc5a4305a8861dbe3b46d831a6fc645072afd9c6b
                                                                                                                                                                                                                                      • Instruction ID: feca2a5f366f9080066324c83c1d2459f3cb8455714eb07b085f96e53920625b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d9a53329dd04ad6461b7899dc5a4305a8861dbe3b46d831a6fc645072afd9c6b
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 24C11476A412558FCF04DE7CD5C12DD7BF2AB86314F34E11AE818E7784DA3AA90ACB05
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
• Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 25bfb810cb0d44238342f6705b06d5b84533a1ebfae203affb69f3d5954bfd2b
• Instruction ID: 2ec4fbfbd656c9b8e5c10d74f64706b374b02361f4646042a8f11e702528d94a
• Opcode Fuzzy Hash: 25bfb810cb0d44238342f6705b06d5b84533a1ebfae203affb69f3d5954bfd2b
• Instruction Fuzzy Hash: 16A13676F402158FDF08DEBCC6A57DE7BF1EB4B324F20911AD411AB794D22E490A8B64
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
• Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2ed3ec38347301b472551542911c5162bc0fe0e6b93f500892213662d041530b
• Instruction ID: beefe000ebc21f6f2b22053a64ed7a8c319745fb7c770415bba4290674d63112
• Opcode Fuzzy Hash: 2ed3ec38347301b472551542911c5162bc0fe0e6b93f500892213662d041530b
• Instruction Fuzzy Hash: 77911A36B442158FCF089EBCC8963EE7BF29B43359F20651DD4199BB85C62AE50BC741
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
• Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 008ae45dd8cf19c7f93f18edbe391470138628ad89ba72c8f04d117140ebfda5
• Instruction ID: 05f2b08656fecb1289e00d66e56097d0dcd766d3d813d840ae28aa61b35fa307
• Opcode Fuzzy Hash: 008ae45dd8cf19c7f93f18edbe391470138628ad89ba72c8f04d117140ebfda5
• Instruction Fuzzy Hash: 71910436B441468FDF08CEBCC5957EE77F2AB4B318F209115D421ABB94C22E8E4ACB51
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
• Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4de52675c1349042e202b376ab4f9a9faa0f4add266c9dcfd619f5e0e2f73283
• Instruction ID: e4af564c23b0b7efb3e567b9d2590cb5fa894abbe6cefb24b50929cdc6a99333
• Opcode Fuzzy Hash: 4de52675c1349042e202b376ab4f9a9faa0f4add266c9dcfd619f5e0e2f73283
• Instruction Fuzzy Hash: E691F236B842158FCF049EBCC9D53EE77F6AB47364F30511AC8259BBA4C52D890A8F41
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
• Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9e515a2633873dcfb42eb9ceb80ceee730fa79923d7751641bc65d3cbc3d99b6
• Instruction ID: bb7a5b382064a097ccddcba4bc589f0f043cebb33fe7feb7df14719ce0a691df
• Opcode Fuzzy Hash: 9e515a2633873dcfb42eb9ceb80ceee730fa79923d7751641bc65d3cbc3d99b6
• Instruction Fuzzy Hash: A0910477A442158FCB04DEBCC5967DE7BF2AB56344F30611AD814E7784C23AAA4ACB81
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
• Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3b4d9c0a71400706d52af23c3d0fc79ea0e2e389a064cab664be6cf6fcdfa24c
• Instruction ID: d2fe0fc728a347d33a871a612509fa4757b56bccc886987b5723e1b727a7e3d5
• Opcode Fuzzy Hash: 3b4d9c0a71400706d52af23c3d0fc79ea0e2e389a064cab664be6cf6fcdfa24c
• Instruction Fuzzy Hash: FC91D532B402168FDF049E7CC9953EE77F5AB87355F20A116D425EB784C63E850A8F51
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
• Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 004031851c0c557bf178262dcb9a61e1b34e59f4523caaaa5f738b588f1cc14c
• Instruction ID: 79c0624dff2ea01acac980d2eb8a467ad64d4054d594e35a984b5b24800917cf
• Opcode Fuzzy Hash: 004031851c0c557bf178262dcb9a61e1b34e59f4523caaaa5f738b588f1cc14c
• Instruction Fuzzy Hash: 0E81247AB811468FCF04CE7CC5953EE3BF2AF47364F20A1169525DBB94C12E8A0ACB45
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
• Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Control-flow Graph
(basic-block graph for the function starting at 6ce42d80; rendered graph and its Executed / Not Executed legend not reproduced here)
APIs
• ___free_lconv_mon.LIBCMT ref: 6CE42DC4
  • Part of subcall function 6CE44CB7: _free.LIBCMT ref: 6CE44CD4
  • Part of subcall function 6CE44CB7: _free.LIBCMT ref: 6CE44CE6
  • Part of subcall function 6CE44CB7: _free.LIBCMT ref: 6CE44CF8
  • Part of subcall function 6CE44CB7: _free.LIBCMT ref: 6CE44D0A
  • Part of subcall function 6CE44CB7: _free.LIBCMT ref: 6CE44D1C
  • Part of subcall function 6CE44CB7: _free.LIBCMT ref: 6CE44D2E
  • Part of subcall function 6CE44CB7: _free.LIBCMT ref: 6CE44D40
  • Part of subcall function 6CE44CB7: _free.LIBCMT ref: 6CE44D52
  • Part of subcall function 6CE44CB7: _free.LIBCMT ref: 6CE44D64
  • Part of subcall function 6CE44CB7: _free.LIBCMT ref: 6CE44D76
  • Part of subcall function 6CE44CB7: _free.LIBCMT ref: 6CE44D88
  • Part of subcall function 6CE44CB7: _free.LIBCMT ref: 6CE44D9A
  • Part of subcall function 6CE44CB7: _free.LIBCMT ref: 6CE44DAC
• _free.LIBCMT ref: 6CE42DB9
  • Part of subcall function 6CE40667: HeapFree.KERNEL32(00000000,00000000,?,6CE3FB79), ref: 6CE4067D
  • Part of subcall function 6CE40667: GetLastError.KERNEL32(?,?,6CE3FB79), ref: 6CE4068F
• _free.LIBCMT ref: 6CE42DDB
• _free.LIBCMT ref: 6CE42DF0
• _free.LIBCMT ref: 6CE42DFB
• _free.LIBCMT ref: 6CE42E1D
• _free.LIBCMT ref: 6CE42E30
• _free.LIBCMT ref: 6CE42E3E
• _free.LIBCMT ref: 6CE42E49
• _free.LIBCMT ref: 6CE42E81
• _free.LIBCMT ref: 6CE42E88
• _free.LIBCMT ref: 6CE42EA5
• _free.LIBCMT ref: 6CE42EBD
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 161543041-0
                                                                                                                                                                                                                                      • Opcode ID: 03dc2ccb25708bf763293dbf99e2736cfbf1416dda23942a16b547ebbd367d2a
                                                                                                                                                                                                                                      • Instruction ID: 66a5a484f352db339d6cbf74a637bc5f10c3addc7fe8b426aa7eaef0ff2ec68a
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 03dc2ccb25708bf763293dbf99e2736cfbf1416dda23942a16b547ebbd367d2a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 72313A71604641DEEB219A35F848F9673F8AFA031CF34896DE4A6DBF50DF32E8848614

Control-flow Graph (entry at 6ce401e3; each node as id: address range, calls -> successors)
• 1775: 6ce401e3-6ce401f6 -> 1776, 1777
• 1776: 6ce40202-6ce402af, calls 6ce40667 (x9), 6ce4000f, 6ce4007a
• 1777: 6ce401f8-6ce40201, call 6ce40667 -> 1776
APIs
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
• Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: b49a2662d25df75e662a00f80e03d50bd3d346ea33f587e402b94face67f5a7d
• Instruction ID: 05bbcf8f9385f01c33f4a6bf9ba78bb698c5974f4af9f8197d220cc66d799efc
• Opcode Fuzzy Hash: b49a2662d25df75e662a00f80e03d50bd3d346ea33f587e402b94face67f5a7d
• Instruction Fuzzy Hash: B121DCB6900148FFCB41DF94D841DDD7BB9BF98748F1085AAF5159BA21DB32DA48CB80

Control-flow Graph (entry at 6ce3e480; each node as id: address range, calls -> successors)
• 2070: 6ce3e480-6ce3e4d1, calls 6ce471d0, 6ce3e440, 6ce3e8c7 -> 2077, 2078
• 2077: 6ce3e4d3-6ce3e4e5 -> 2079, 2080
• 2078: 6ce3e52d-6ce3e530 -> 2079, 2081
• 2079: 6ce3e550-6ce3e559 (no successors)
• 2080: 6ce3e4e7-6ce3e4fe -> 2082, 2083
• 2081: 6ce3e532-6ce3e53f, call 6ce3e8b0 -> 2085
• 2082: 6ce3e500-6ce3e50e, call 6ce3e850 -> 2092, 2093
• 2083: 6ce3e514 -> 2087
• 2085: 6ce3e544-6ce3e54d, call 6ce3e440 -> 2079
• 2087: 6ce3e517-6ce3e51c -> 2080, 2090
• 2090: 6ce3e51e-6ce3e520 -> 2079, 2094
• 2092: 6ce3e510 -> 2095, 2096
• 2093: 6ce3e524-6ce3e52b -> 2085
• 2094: 6ce3e522 -> 2085
• 2095: 6ce3e512 -> 2087
• 2096: 6ce3e55a-6ce3e563 -> 2097, 2098
• 2097: 6ce3e565-6ce3e56c -> 2098, 2100
• 2098: 6ce3e59d-6ce3e5ad, call 6ce3e890 -> 2103, 2104
• 2100: 6ce3e56e-6ce3e57d, call 6ce47070 -> 2108, 2109
• 2103: 6ce3e5c1-6ce3e5dd, calls 6ce3e440, 6ce3e870 (no successors)
• 2104: 6ce3e5af-6ce3e5be, call 6ce3e8b0 -> 2103
• 2108: 6ce3e59a -> 2098
• 2109: 6ce3e57f-6ce3e597 -> 2108
APIs
• _ValidateLocalCookies.LIBCMT ref: 6CE3E4B7
• ___except_validate_context_record.LIBVCRUNTIME ref: 6CE3E4BF
• _ValidateLocalCookies.LIBCMT ref: 6CE3E548
• __IsNonwritableInCurrentImage.LIBCMT ref: 6CE3E573
• _ValidateLocalCookies.LIBCMT ref: 6CE3E5C8
Strings
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
• Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: csm
• API String ID: 1170836740-1018135373
• Opcode ID: 36c0555184525a064d3789ff35f6a400f7092c1a7d19201de9c37d6ffca5b022
• Instruction ID: edfcff730a018f5830203a17079c4e887f4d304a99f8969fb9c325a963a3e0f8
• Opcode Fuzzy Hash: 36c0555184525a064d3789ff35f6a400f7092c1a7d19201de9c37d6ffca5b022
• Instruction Fuzzy Hash: FB417334E00629EBCF10CF68C880A9EBBB5AF4531CF249559E8189B791E735ED15CBE1

Control-flow Graph (entry at 6ce41ca8; each node as id: address range, calls -> successors)
• 2116: 6ce41ca8-6ce41cb4 -> 2117
• 2117: 6ce41d5b-6ce41d5e -> 2118, 2119
• 2118: 6ce41d64 -> 2122
• 2119: 6ce41cb9-6ce41cca -> 2120, 2121
• 2120: 6ce41cd7-6ce41cf0, LoadLibraryExW -> 2125, 2126
• 2121: 6ce41ccc-6ce41ccf -> 2123, 2124
• 2122: 6ce41d66-6ce41d6a (no successors)
• 2123: 6ce41cd5 -> 2127
• 2124: 6ce41d58 -> 2117
• 2125: 6ce41d42-6ce41d4b -> 2127, 2130
• 2126: 6ce41cf2-6ce41cfb, GetLastError -> 2128, 2129
• 2127: 6ce41d54-6ce41d56 -> 2124, 2131
• 2128: 6ce41d32 -> 2133
• 2129: 6ce41cfd-6ce41d0f, call 6ce3ff83 -> 2128, 2136
• 2130: 6ce41d4d-6ce41d4e, FreeLibrary -> 2127
• 2131: 6ce41d6b-6ce41d6d -> 2122
• 2133: 6ce41d34-6ce41d36 -> 2125, 2135
• 2135: 6ce41d38-6ce41d40 -> 2124
• 2136: 6ce41d11-6ce41d23, call 6ce3ff83 -> 2128, 2139
• 2139: 6ce41d25-6ce41d30, LoadLibraryExW -> 2133
Strings
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
• Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
• API ID:
• String ID: api-ms-$ext-ms-
• API String ID: 0-537541572
• Opcode ID: 1640d9330096dfbf00dd8eb98f60a10c994934fe765e64da69cd7a835dfcaba1
• Instruction ID: 1c901ff7665559e9718ae295429ab0c1333780ba1172ab9b3821f2c08e83162c
• Opcode Fuzzy Hash: 1640d9330096dfbf00dd8eb98f60a10c994934fe765e64da69cd7a835dfcaba1
• Instruction Fuzzy Hash: 202108B1A41220ABDF219AA5EC40B4A37789F037ADF358621E819B7790D730EC11C5D0
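The function at 6ce41ca8 (loop over a name table, cached-handle check, LoadLibraryExW, GetLastError, two string compares against "api-ms-" / "ext-ms-", a second LoadLibraryExW, FreeLibrary on one path) has the shape of the statically linked CRT's lazy module lookup rather than anything specific to the stealer: try System32 only, fall back to the default search order solely when the OS rejects LOAD_LIBRARY_SEARCH_SYSTEM32, and never do that fallback for API-set names, since resolving those through the default search order would open a DLL search-order hijack. That attribution is an inference from the API/string combination, not something the report states. The block below is an added example, not code from the sample or from Microsoft's CRT: it models that decision logic in portable C, with the Win32 loader replaced by a caller-supplied function so it runs off Windows. The local copies of the Win32 constants, the fake "old OS" loader, and the DLL names it knows are constructed for the example.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <wchar.h>

/* Win32 values the logic depends on, defined locally so <windows.h> is not needed. */
#define LOAD_LIBRARY_SEARCH_SYSTEM32 0x00000800u
#define ERROR_INVALID_PARAMETER      87u
#define ERROR_MOD_NOT_FOUND          126u
#define MODULE_LOAD_FAILED ((void *)(intptr_t)-1)   /* INVALID_HANDLE_VALUE sentinel */

/* Stand-ins for LoadLibraryExW (GetLastError reported through *err) and FreeLibrary. */
typedef void *(*loader_fn)(const wchar_t *name, uint32_t flags, uint32_t *err);
typedef void (*unloader_fn)(void *module);

/* API-set and extension-set names must never go through the default search order. */
bool is_api_set_name(const wchar_t *name)
{
    return wcsncmp(name, L"api-ms-", 7) == 0 || wcsncmp(name, L"ext-ms-", 7) == 0;
}

/* System32 first; only if the OS rejects the flag (ERROR_INVALID_PARAMETER) retry with
   the default search order, and never for API-set names. *fell_back records whether
   the less safe path was taken. */
void *load_from_system_directory(loader_fn load, const wchar_t *name, bool *fell_back)
{
    uint32_t err = 0;
    *fell_back = false;
    void *h = load(name, LOAD_LIBRARY_SEARCH_SYSTEM32, &err);
    if (h != NULL)
        return h;
    if (err == ERROR_INVALID_PARAMETER && !is_api_set_name(name)) {
        *fell_back = true;
        return load(name, 0, &err);
    }
    return NULL;
}

/* One cache slot per module: NULL = not tried yet, MODULE_LOAD_FAILED = tried and failed. */
typedef struct {
    const wchar_t *name;
    _Atomic(void *) cached;
} module_slot;

void *get_module(module_slot *slot, loader_fn load, unloader_fn unload, bool *fell_back)
{
    *fell_back = false;
    void *cached = atomic_load(&slot->cached);
    if (cached != NULL)
        return cached == MODULE_LOAD_FAILED ? NULL : cached;

    void *fresh = load_from_system_directory(load, slot->name, fell_back);
    if (fresh == NULL) {
        (void)atomic_exchange(&slot->cached, MODULE_LOAD_FAILED);   /* do not re-probe */
        return NULL;
    }
    /* Lost a race with another thread that cached the same module: drop the extra reference. */
    void *prev = atomic_exchange(&slot->cached, fresh);
    if (prev != NULL && prev != MODULE_LOAD_FAILED)
        unload(fresh);
    return fresh;
}

/* First module in the list that loads, or NULL. */
void *get_first_available(module_slot *slots, size_t n, loader_fn load, unloader_fn unload)
{
    for (size_t i = 0; i < n; i++) {
        bool fell_back;
        void *h = get_module(&slots[i], load, unload, &fell_back);
        if (h != NULL)
            return h;
    }
    return NULL;
}

/* Constructed loader: models an OS that predates the System32 flag (rejects it with
   ERROR_INVALID_PARAMETER) and knows only kernel32.dll. Counts calls for the demos. */
static int fake_load_calls;
static void *fake_old_os_loader(const wchar_t *name, uint32_t flags, uint32_t *err)
{
    fake_load_calls++;
    if (flags & LOAD_LIBRARY_SEARCH_SYSTEM32) { *err = ERROR_INVALID_PARAMETER; return NULL; }
    if (wcscmp(name, L"kernel32.dll") == 0) return (void *)(uintptr_t)0x1000;
    *err = ERROR_MOD_NOT_FOUND;
    return NULL;
}
static void fake_unload(void *module) { (void)module; }

/* 1 if an API-set name is refused rather than retried on the default search path. */
int demo_api_set_not_retried(void)
{
    bool fell_back = true;
    void *h = load_from_system_directory(fake_old_os_loader, L"api-ms-example-l1-1-0.dll", &fell_back);
    return h == NULL && !fell_back;
}

/* 1 if kernel32.dll is found through the fallback and the second lookup hits the cache. */
int demo_fallback_and_cache(void)
{
    module_slot slot = { L"kernel32.dll", NULL };
    bool fb1 = false, fb2 = true;
    void *h1 = get_module(&slot, fake_old_os_loader, fake_unload, &fb1);  /* two loader calls */
    void *h2 = get_module(&slot, fake_old_os_loader, fake_unload, &fb2);  /* served from cache */
    return h1 != NULL && fb1 && h2 == h1 && !fb2;
}

/* 1 if a failed load is cached too, so a second walk over the list issues no loader calls. */
int demo_failure_cached(void)
{
    module_slot slots[] = { { L"nosuch.dll", NULL }, { L"kernel32.dll", NULL } };
    int before = fake_load_calls;
    void *h = get_first_available(slots, 2, fake_old_os_loader, fake_unload);
    int first_walk = fake_load_calls - before;   /* 2 for nosuch.dll + 2 for kernel32.dll */
    (void)get_first_available(slots, 2, fake_old_os_loader, fake_unload);
    return h != NULL && first_walk == 4 && fake_load_calls - before == 4;
}

int main(void)
{
    printf("api-set not retried: %d\n", demo_api_set_not_retried());
    printf("fallback and cache:  %d\n", demo_fallback_and_cache());
    printf("failure cached:      %d\n", demo_failure_cached());
    return 0;
}
```

For triage the useful consequence is the negative one: "api-ms-"/"ext-ms-" strings next to LoadLibraryExW/GetLastError/FreeLibrary in a statically linked binary are CRT boilerplate, so they should not be read as a loader or evasion indicator on their own; the fuzzy hashes in the Similarity block are what let this function be matched across samples and skipped.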

Control-flow Graph
APIs
  • Part of subcall function 6CE44E1E: _free.LIBCMT ref: 6CE44E43
• _free.LIBCMT ref: 6CE44EA4
  • Part of subcall function 6CE40667: HeapFree.KERNEL32(00000000,00000000,?,6CE3FB79), ref: 6CE4067D
  • Part of subcall function 6CE40667: GetLastError.KERNEL32(?,?,6CE3FB79), ref: 6CE4068F
• _free.LIBCMT ref: 6CE44EAF
• _free.LIBCMT ref: 6CE44EBA
• _free.LIBCMT ref: 6CE44F0E
• _free.LIBCMT ref: 6CE44F19
• _free.LIBCMT ref: 6CE44F24
• _free.LIBCMT ref: 6CE44F2F
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
• Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                                                                                      • Opcode ID: 7df7bc2e45ad0bb9c7f8bc702183ee147632bc2a3689b57671c2733396f6c7e8
                                                                                                                                                                                                                                      • Instruction ID: cd9b056f45f06360185c5e77fbd5a602f9328866ce04b1b56599fb17f347e1d6
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7df7bc2e45ad0bb9c7f8bc702183ee147632bc2a3689b57671c2733396f6c7e8
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: ED1151B1680B14EAE520AFB4EC05FDBB7BC5F80704F50CC2EB29AAAA50DF75B5184751
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetConsoleOutputCP.KERNEL32(?,00000001,?), ref: 6CE43FB7
                                                                                                                                                                                                                                      • __fassign.LIBCMT ref: 6CE4419C
                                                                                                                                                                                                                                      • __fassign.LIBCMT ref: 6CE441B9
                                                                                                                                                                                                                                      • WriteFile.KERNEL32(?,6CE42799,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CE44201
                                                                                                                                                                                                                                      • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6CE44241
                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CE442E9
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FileWrite__fassign$ConsoleErrorLastOutput
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1735259414-0
                                                                                                                                                                                                                                      • Opcode ID: 6f60f3e24da9726117a664fac66e02b8124aaecbf47de04cc0833e9607617df2
                                                                                                                                                                                                                                      • Instruction ID: 5675855848089b98e62cb5089496f845d5a8d6f53f8418180681e4aa4715b964
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f60f3e24da9726117a664fac66e02b8124aaecbf47de04cc0833e9607617df2
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: ABC19D71E012589FDF10CFE8D8809EDBBB5AF4A318F28816AE855FB741D6319946CF60
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetLastError.KERNEL32(00000001,?,6CE3E625,6CE3C668,6CE3C02F,?,6CE3C267,?,00000001,?,?,00000001,?,6CE4D908,0000000C,6CE3C360), ref: 6CE3E965
                                                                                                                                                                                                                                      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6CE3E973
                                                                                                                                                                                                                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6CE3E98C
                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,6CE3C267,?,00000001,?,?,00000001,?,6CE4D908,0000000C,6CE3C360,?,00000001,?), ref: 6CE3E9DE
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3852720340-0
                                                                                                                                                                                                                                      • Opcode ID: 270c536c7ec8453e82ae4041c600bcc39998225f9fb544306f3037e0cdaab49c
                                                                                                                                                                                                                                      • Instruction ID: dd197192555690e0bec7c4d854656ad2181cbfd484ab50596674988b52b1db79
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 270c536c7ec8453e82ae4041c600bcc39998225f9fb544306f3037e0cdaab49c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AB01DE32609E319AAA6119755C80A8B2AB49B43B7C734336BF42C82AD0EF516C05D2C4
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • C:\Users\user\Desktop\Leside-.exe, xrefs: 6CE40FF2
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: C:\Users\user\Desktop\Leside-.exe
                                                                                                                                                                                                                                      • API String ID: 0-3881279091
                                                                                                                                                                                                                                      • Opcode ID: 5acf17d2bd2d683dbd921eccaa40ae30825dd3eba2d431080705db1c2370ef21
                                                                                                                                                                                                                                      • Instruction ID: bd5c825f5e798643bb374f75647fbf283d55e9d8a661d6d3c20eb848c1ae02e1
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5acf17d2bd2d683dbd921eccaa40ae30825dd3eba2d431080705db1c2370ef21
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3E21B671604245AF9F20AAE6AC80D9A777DAB013AE724C619F518C7B40E730EC65A791
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,6CE3EB94,00000000,?,00000001,00000000,?,6CE3EC0B,00000001,FlsFree,6CE49354,FlsFree,00000000), ref: 6CE3EB63
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FreeLibrary
                                                                                                                                                                                                                                      • String ID: api-ms-
                                                                                                                                                                                                                                      • API String ID: 3664257935-2084034818
                                                                                                                                                                                                                                      • Opcode ID: f2cd1c41d600fb483d1e9e0d638927f2c3764cf25ec3497c6aef598d7459ddf6
                                                                                                                                                                                                                                      • Instruction ID: bed13877c9293d7a8d70c31d9c209d8df414aa526754937fe4b92590b46dea9c
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f2cd1c41d600fb483d1e9e0d638927f2c3764cf25ec3497c6aef598d7459ddf6
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2C119131A41A35ABDB325A688C40B4973B4AB0377CF390221E919FB7C0D670FD01CAD5
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,6CE3F499,?,?,6CE3F461,?,00000001,?), ref: 6CE3F4FC
                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6CE3F50F
                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,6CE3F499,?,?,6CE3F461,?,00000001,?), ref: 6CE3F532
Strings
Memory Dump Source
• Source File: 00000000.00000002.1658743870.000000006CE01000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CE00000, based on PE: true
• Associated: 00000000.00000002.1658731937.000000006CE00000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658782040.000000006CE48000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658797790.000000006CE4F000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6ce00000_Leside-.jbxd
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
• Opcode ID: 3bcdedfebfc3d742fada9a45f0d82ff1cafdaaaef24b16e66d150ed510eecb0d
• Instruction ID: f8db166e4f21e59473874a528147cfc6e9265b10e3d19e56e3c878a5c8ea5f4d
• Opcode Fuzzy Hash: 3bcdedfebfc3d742fada9a45f0d82ff1cafdaaaef24b16e66d150ed510eecb0d
• Instruction Fuzzy Hash: E4F01C31611228FBEF11AF91DE09B9D7A79EB4575FF2081A2F405E2650CB389F01DAE1
APIs
• _free.LIBCMT ref: 6CE44DCD
  • Part of subcall function 6CE40667: HeapFree.KERNEL32(00000000,00000000,?,6CE3FB79), ref: 6CE4067D
  • Part of subcall function 6CE40667: GetLastError.KERNEL32(?,?,6CE3FB79), ref: 6CE4068F
• _free.LIBCMT ref: 6CE44DDF
• _free.LIBCMT ref: 6CE44DF1
• _free.LIBCMT ref: 6CE44E03
• _free.LIBCMT ref: 6CE44E15
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 4a894694b81cba12cd4195f2253e1b39f5a169418fe26c432c725ecefa6e7837
• Instruction ID: 1b111536a289ebe3bea1e563ae34eb9c430848a0419c3ca5b57231d66ef8e46a
• Opcode Fuzzy Hash: 4a894694b81cba12cd4195f2253e1b39f5a169418fe26c432c725ecefa6e7837
• Instruction Fuzzy Hash: 48F04FB1A11744DB8A20DE64F084D5733F9EB80B1CB709D0BE029D7F00CB31F8808694
APIs
Strings
Similarity
• API ID: _free
• String ID: *?
• API String ID: 269201875-2564092906
• Opcode ID: efaba169b8992d2e26a785112f36f40523865fa27bba120f56925424b36ce35c
• Instruction ID: 26644e685a9582cb71df3e6ccf189e27a5771dc1d6004315575db299964f9433
• Opcode Fuzzy Hash: efaba169b8992d2e26a785112f36f40523865fa27bba120f56925424b36ce35c
• Instruction Fuzzy Hash: 76617FB5D002599FDB14CFA9D8809DEFBF5EF98318F2482AAD815E7700D731AE418B90
APIs
  • Part of subcall function 6CE43F6F: GetConsoleOutputCP.KERNEL32(?,00000001,?), ref: 6CE43FB7
• WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,6CE42799,?,00000000,00000000,6CE4DBB8,0000002C,6CE4280A,?), ref: 6CE44922
• GetLastError.KERNEL32 ref: 6CE4492C
• __dosmaperr.LIBCMT ref: 6CE4496B
Strings
Similarity
• API ID: ConsoleErrorFileLastOutputWrite__dosmaperr
• String ID: (l
• API String ID: 910155933-3029988293
• Opcode ID: 1dadb8b1616d9939bd5dcea8eeec27ea4ab285700a6f72e5a6daab52a4fd03d3
• Instruction ID: 7d9af9e2a28a41c787d4bf12c2f96e9650cffd472a0ad00c3cf6fe3b594c76e8
• Opcode Fuzzy Hash: 1dadb8b1616d9939bd5dcea8eeec27ea4ab285700a6f72e5a6daab52a4fd03d3
• Instruction Fuzzy Hash: 5C51E571B0028AABDB019FA8E844FDE7BB5EF4A31CF34805AE500B7B40D3759946DB61
APIs
  • Part of subcall function 6CE40EA7: _free.LIBCMT ref: 6CE40EB5
  • Part of subcall function 6CE41A7B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,00000000,00000000,?,6CE43A13,?,00000000,00000000), ref: 6CE41B27
• GetLastError.KERNEL32 ref: 6CE408ED
• __dosmaperr.LIBCMT ref: 6CE408F4
• GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 6CE40933
• __dosmaperr.LIBCMT ref: 6CE4093A
Similarity
• API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
• String ID:
• API String ID: 167067550-0
• Opcode ID: 41df09fff09f2b3d3537d107820d3b2248368fc271b1b0116f56449acb0fe753
• Instruction ID: 8d287e1a27f4e5065a3e9c0e3ec732dc8e2e5d767759c3e1a70b2807f05f5abe
• Opcode Fuzzy Hash: 41df09fff09f2b3d3537d107820d3b2248368fc271b1b0116f56449acb0fe753
• Instruction Fuzzy Hash: CC21B571604245BFEB105F66AC80C97777CAFA537C724C638E51897B40E731EC554B90
APIs
• GetLastError.KERNEL32(?,?,?,6CE443B7,?,00000001,6CE4280A,?,6CE44871,00000001,?,?,?,6CE42799,?,00000000), ref: 6CE4032C
• _free.LIBCMT ref: 6CE40389
• _free.LIBCMT ref: 6CE403BF
• SetLastError.KERNEL32(00000000,FFFFFFFF,000000FF,?,6CE44871,00000001,?,?,?,6CE42799,?,00000000,00000000,6CE4DBB8,0000002C,6CE4280A), ref: 6CE403CA
Similarity
• API ID: ErrorLast_free
• String ID:
• API String ID: 2283115069-0
APIs
• GetLastError.KERNEL32(?,?,00000001,6CE40750,6CE4068D,?,?,6CE3FB79), ref: 6CE40483
• _free.LIBCMT ref: 6CE404E0
• _free.LIBCMT ref: 6CE40516
• SetLastError.KERNEL32(00000000,FFFFFFFF,000000FF,?,00000001,6CE40750,6CE4068D,?,?,6CE3FB79), ref: 6CE40521
Similarity
• API ID: ErrorLast_free
• String ID:
• API String ID: 2283115069-0
APIs
• WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,6CE45060,?,00000001,?,00000001,?,6CE44346,?,?,00000001), ref: 6CE4561D
• GetLastError.KERNEL32(?,6CE45060,?,00000001,?,00000001,?,6CE44346,?,?,00000001,?,00000001,?,6CE44892,6CE42799), ref: 6CE45629
  • Part of subcall function 6CE455EF: CloseHandle.KERNEL32(FFFFFFFE,6CE45639,?,6CE45060,?,00000001,?,00000001,?,6CE44346,?,?,00000001,?,00000001), ref: 6CE455FF
• ___initconout.LIBCMT ref: 6CE45639
  • Part of subcall function 6CE455B1: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,6CE455E0,6CE4504D,00000001,?,6CE44346,?,?,00000001,?), ref: 6CE455C4
• WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,6CE45060,?,00000001,?,00000001,?,6CE44346,?,?,00000001,?), ref: 6CE4564E
Similarity
• API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
• String ID:
• API String ID: 2744216297-0
Strings
Similarity
• API ID:
• String ID: C:\Users\user\Desktop\Leside-.exe
• API String ID: 0-3881279091
APIs
  • Part of subcall function 6CE4129E: GetOEMCP.KERNEL32(00000000,6CE4150F,?,00000001,6CE44871,6CE44871,00000001,?,?), ref: 6CE412C9
• _free.LIBCMT ref: 6CE4156C
Strings
Similarity
• API ID: _free
• String ID: h
• API String ID: 269201875-3790492082
APIs
  • Part of subcall function 6CE43D0F: EnterCriticalSection.KERNEL32(00000001,?,6CE4474E,?,6CE4DC58,00000010,6CE428AD,00000000,00000000,?,?,?,?,6CE428F1,?,00000000), ref: 6CE43D2A
• FlushFileBuffers.KERNEL32(00000000,6CE4DC38,0000000C,6CE43F57,(l,?,00000001,?,6CE4280A,?), ref: 6CE43E99
• GetLastError.KERNEL32 ref: 6CE43EAA
Strings
Similarity
• API ID: BuffersCriticalEnterErrorFileFlushLastSection
• String ID: (l
• API String ID: 4109680722-3029988293

Execution Graph

Execution Coverage: 2.4%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 21.6%
Total number of Nodes: 74
Total number of Limit Nodes: 5

Execution graph (rendered as a figure in the original; only the nodes that resolve to an API call are kept here, as address: API):
• 72c48600 entry path: 72c48624 GetCurrentProcessId, GetCurrentThreadId → 72c48650 SHGetSpecialFolderPathW → 72c48964 GetForegroundWindow → 72c4b7b0 FreeLibrary → 72c4b7d1 FreeLibrary → 72c7e085 FreeLibrary → 72c48a48 ExitProcess
• 72c7e110: LdrInitializeThunk (called from 72c7e967, 72c7e760, 72c7ea29 and 72c7eb88)
• 72c7779d: GetUserDefaultUILanguage
• 72c7e0d9: RtlReAllocateHeap
• 72c7c55b: RtlAllocateHeap
• 72c7c58a: RtlFreeHeap
• 72c7e3b2: GetForegroundWindow
• 72c4ec77: CoInitializeSecurity, CoInitializeSecurity
• 72c4ef53: CoInitializeEx, CoInitializeEx
• 72c49d94 / 72c49e74: LoadLibraryExW, LoadLibraryExW
• 72c4ddc0: CoUninitialize

Control-flow Graph

APIs
• GetCurrentProcessId.KERNEL32 ref: 72C48624
• GetCurrentThreadId.KERNEL32 ref: 72C4862E
• SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 72C487FA
• GetForegroundWindow.USER32 ref: 72C48974
  • Part of subcall function 72C4B7B0: FreeLibrary.KERNEL32(72C48A31), ref: 72C4B7B6
  • Part of subcall function 72C4B7B0: FreeLibrary.KERNEL32 ref: 72C4B7D7
• ExitProcess.KERNEL32 ref: 72C48A4A
Strings
Memory Dump Source
• Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
• Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
Similarity
• API ID: CurrentFreeLibraryProcess$ExitFolderForegroundPathSpecialThreadWindow
• String ID: b]u)$}$}
• API String ID: 3676751680-2900034282
• Opcode ID: f262346e74f837c6d9de7d32c9c47269155e29bfc8895ff9b92009d14eb6bd8a
• Instruction ID: 8e27c43a83b9279df307366128c6d2a94a739757458a16833a6e4da60e78cc1c
• Opcode Fuzzy Hash: f262346e74f837c6d9de7d32c9c47269155e29bfc8895ff9b92009d14eb6bd8a
• Instruction Fuzzy Hash: 71C1E773A187144BC708DF6DCC4125AFBE6ABC4710F1AC62EA899EB354EA74DC058BC1
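The Memory Dump Source entries above identify each dumped region by a dotted file name, and the report marks the 72C41000 dump as "based on PE: true" inside process 2 (aspnet_regiis, the injection target). As an added example that is not part of the Joe Sandbox report or its tooling, the Python below decodes those names and classifies each region, so that an executable MEM_PRIVATE region carrying a PE stands out as an injected image while loader-mapped MEM_IMAGE regions are filtered away. The field layout (4th field = base address, 5th = Win32 page protection, 7th = MEM_* region type) is an assumption inferred from the names on this page; the constant values are the documented winnt.h ones, and the based-on-PE flag is taken from the report's own line.

```python
"""Decode Joe Sandbox .sdmp dump names and flag injected-PE regions.

Added example, not Joe Sandbox code. The dump-name field layout is an
ASSUMPTION inferred from the names on this page:
    <pid>.<context>.<id>.<base>.<protect>.<field6>.<type>.<field8>.sdmp
The protection and region-type constants are the documented winnt.h values.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Win32 page protections (winnt.h). The low byte is the base protection;
# PAGE_GUARD / PAGE_NOCACHE / PAGE_WRITECOMBINE modifiers live above it.
PAGE_EXECUTE = 0x10
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
EXECUTABLE = {PAGE_EXECUTE, PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY}

# Win32 region types (winnt.h)
MEM_PRIVATE = 0x20000
MEM_MAPPED = 0x40000
MEM_IMAGE = 0x1000000

SDMP_NAME = re.compile(
    r"^(?P<pid>[0-9a-fA-F]{8})\.(?P<ctx>[0-9a-fA-F]{8})\.(?P<ident>\d+)\."
    r"(?P<base>[0-9a-fA-F]{16})\.(?P<prot>[0-9a-fA-F]{8})\.(?P<f6>[0-9a-fA-F]{8})\."
    r"(?P<type>[0-9a-fA-F]{8})\.(?P<f8>[0-9a-fA-F]{8})\.sdmp$"
)


@dataclass(frozen=True)
class Region:
    pid: int
    base: int
    protection: int
    mem_type: int
    based_on_pe: bool  # the report's "based on PE" flag for this dump

    @property
    def executable(self) -> bool:
        return (self.protection & 0xFF) in EXECUTABLE

    def verdict(self) -> str:
        if self.mem_type == MEM_IMAGE:
            return "image-backed"  # mapped by the loader from a file on disk
        if self.mem_type == MEM_PRIVATE and self.executable:
            # The loader never produces executable private memory. If the
            # sandbox also parsed a PE out of it, it was mapped by hand.
            return "injected-pe" if self.based_on_pe else "private-executable"
        if self.mem_type == MEM_PRIVATE:
            return "private-data"
        return "other"


def parse_sdmp_name(name: str, based_on_pe: bool = False) -> Region:
    """Split an .sdmp file name into a Region (layout assumed, see above)."""
    m = SDMP_NAME.match(name)
    if m is None:
        raise ValueError(f"not a recognised .sdmp name: {name!r}")
    return Region(
        pid=int(m["pid"], 16),
        base=int(m["base"], 16),
        protection=int(m["prot"], 16),
        mem_type=int(m["type"], 16),
        based_on_pe=based_on_pe,
    )


def triage(dumps: List[Tuple[str, bool]]) -> List[Tuple[int, str, str]]:
    """Return (pid, base as hex, verdict) for each (file name, based-on-PE) pair."""
    out = []
    for name, pe in dumps:
        r = parse_sdmp_name(name, pe)
        out.append((r.pid, f"0x{r.base:08X}", r.verdict()))
    return out


# Dump names copied from this report. The based-on-PE flag is True only for
# the dump the report marks "based on PE: true"; the others do not say.
SAMPLE_DUMPS = [
    ("00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp", True),
    ("00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmp", False),
    ("00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmp", False),
    ("00000000.00000002.1658838868.000000006CE9D000.00000002.00000001.01000000.00000006.sdmp", False),
]

if __name__ == "__main__":
    for pid, base, verdict in triage(SAMPLE_DUMPS):
        print(f"pid {pid}  {base}  {verdict}")
```

Run against the four names above, the 72C41000 region in process 2 comes back as injected-pe, its read-only neighbour at 72C82000 as private-data, and the 6CE9D000 region in process 0 as image-backed, which is the split an analyst wants before pulling the dump into a disassembler.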

Control-flow Graph

Control-flow graph (rendered as a figure in the original, with executed and not-executed blocks colour-coded): a single block 72c7e110-72c7e142 that calls LdrInitializeThunk.
APIs
• LdrInitializeThunk.NTDLL(72C8148A,00000002,00000018,?,?,00000018,?,?,?), ref: 72C7E13E
Memory Dump Source
• Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
• Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
• Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
• Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
• Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

Memory Dump Source
• Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
• Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: de8a8dcc9c3ab3076e5cd776fb6cd32bc0718f272d39d571d2e216b7fbce9e89
• Instruction ID: 275957155fb7f5e12868e5e5f5221a80a6147f3987afad807f4f354de555d269
• Opcode Fuzzy Hash: de8a8dcc9c3ab3076e5cd776fb6cd32bc0718f272d39d571d2e216b7fbce9e89
• Instruction Fuzzy Hash: A521C537A627184BD3008E54DCC87917762E7D9328F3E86B8C9249F3D2C97BA91386C0

Control-flow Graph

Control-flow graph (rendered as a figure in the original, with executed and not-executed blocks colour-coded): block 72c7e34b-72c7e357 enters a short self-loop at 72c7e360-72c7e37a, then falls into 72c7e37c-72c7e409, which calls GetForegroundWindow and the internal function 72c802f0.
APIs
• GetForegroundWindow.USER32 ref: 72C7E3BA
Strings
Memory Dump Source
• Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
• Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
Similarity
• API ID: ForegroundWindow
• String ID:
• API String ID: 2020703349-3019521637
• Opcode ID: 886f1e6439959a4795be2dd0d466d87128220e816994151028bd6f62f89854e6
• Instruction ID: 786404173860e1cf3a5fdd5f2665c302915c0026218edcca8ec9a09eb4e6fc85
• Opcode Fuzzy Hash: 886f1e6439959a4795be2dd0d466d87128220e816994151028bd6f62f89854e6
• Instruction Fuzzy Hash: BB112B77E808914BDF08CA3DCC171AA77A2B3E4325B3D8ABDC816E3384D93858068A40

Control-flow Graph
control_flow_graph 115 72c49d1e-72c49d34 116 72c49d40-72c49d52 115->116 116->116 117 72c49d54-72c49d7e 116->117 118 72c49d80-72c49d92 117->118 118->118 119 72c49d94-72c49e13 LoadLibraryExW call 72c7d960 118->119 122 72c49e20-72c49e32 119->122 122->122 123 72c49e34-72c49e5e 122->123 124 72c49e60-72c49e72 123->124 124->124 125 72c49e74-72c49e80 LoadLibraryExW call 72c7d960 124->125 127 72c49e85-72c49e98 125->127
APIs
• LoadLibraryExW.KERNEL32(?,00000000), ref: 72C49D98
• LoadLibraryExW.KERNEL32(?,00000000), ref: 72C49E78
Memory Dump Source
• Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
• Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
Similarity
• API ID: LibraryLoad
• String ID:
• API String ID: 1029625771-0
• Opcode ID: ecbbc5446eca3e3d57eb8fc53e18ca4e9d4c15149e51de99a9714fbd5ee0164c
• Instruction ID: 46ef009d338f67413dc2cc725448eb0c3758ff098646287d29c49c5af5f71bcd
• Opcode Fuzzy Hash: ecbbc5446eca3e3d57eb8fc53e18ca4e9d4c15149e51de99a9714fbd5ee0164c
• Instruction Fuzzy Hash: 55410FB4D003409FE7159F78C9D2A8A7F71EB46224F61929CE4902F3A6C631940ACBE2

Control-flow Graph
control_flow_graph 128 72c4ef53-72c4f0b5 CoInitializeEx * 2
APIs
• CoInitializeEx.OLE32(00000000,00000002), ref: 72C4EF57
• CoInitializeEx.COMBASE(00000000,00000002), ref: 72C4F09C
Memory Dump Source
• Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
• Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
Similarity
• API ID: Initialize
• String ID:
• API String ID: 2538663250-0
• Opcode ID: 6985306469e24cd05c7bf57e365346a10ebfe985b1e453da3e7713ad9efe0bcd
• Instruction ID: 1cfe02d6bacc07e1a293db7780b629356d114f9c22079f1611ab679a53b28d0c
• Opcode Fuzzy Hash: 6985306469e24cd05c7bf57e365346a10ebfe985b1e453da3e7713ad9efe0bcd
• Instruction Fuzzy Hash: 2E41C8B4910B40AFD370EF398A4B7137EB8AB05250F504B1EF9E6866D4E231A4198BD7

Control-flow Graph
control_flow_graph 129 72c4ec77-72c4ecbb CoInitializeSecurity * 2
APIs
• CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 72C4EC89
• CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 72C4ECA2
Memory Dump Source
• Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
• Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
Similarity
• API ID: InitializeSecurity
• String ID:
• API String ID: 640775948-0
• Opcode ID: 2848e7e9236a6cfe3eda65033fe0c3e4f4ee276280997640208243417720eebf
• Instruction ID: 990c72484a489a63e7e5ee1c703d72c922d127c37b45f02fcc5339cc9a2e9250
• Opcode Fuzzy Hash: 2848e7e9236a6cfe3eda65033fe0c3e4f4ee276280997640208243417720eebf
• Instruction Fuzzy Hash: B6E017753D83817AF2788602CD17F6432216F61F22F308708B3213F3C58AE03100450C

Control-flow Graph
control_flow_graph 153 72c77764-72c77799 call 72c7fe00 call 72c54c90 * 2 161 72c7779d-72c777c5 GetUserDefaultUILanguage 153->161 162 72c7779b 153->162 163 72c777c7-72c777ca 161->163 162->161 164 72c77857-72c77888 163->164 165 72c777d0-72c77852 163->165 165->163
APIs
• GetUserDefaultUILanguage.KERNELBASE ref: 72C7779D
Memory Dump Source
• Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
• Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
Similarity
• API ID: DefaultLanguageUser
• String ID:
• API String ID: 95929093-0
• Opcode ID: e253a80b623b097cc8d00af9df4fb41400cbcc1f16c3f5ab96d8a11ff74b3647
• Instruction ID: cf9201f71772a7e1ddff73f2d421d3e17c287e65664c37fedfd98d27d900886c
• Opcode Fuzzy Hash: e253a80b623b097cc8d00af9df4fb41400cbcc1f16c3f5ab96d8a11ff74b3647
• Instruction Fuzzy Hash: DB31F332B426848FD716CA7DC89379DBFE38BE5214F1E81A9D059CB391C9389946CB20

Control-flow Graph
control_flow_graph 166 72c7e0a0-72c7e0b1 167 72c7e0c6-72c7e0cd 166->167 168 72c7e0d4-72c7e0e6 call 72c7f990 RtlReAllocateHeap 166->168 169 72c7e0f3-72c7e0f4 call 72c7c570 166->169 170 72c7e0c0 166->170 171 72c7e0e8-72c7e0f1 call 72c7c540 166->171 167->168 167->169 178 72c7e0fe-72c7e100 168->178 177 72c7e0f9-72c7e0fc 169->177 170->167 171->178 177->178
APIs
• RtlReAllocateHeap.NTDLL(?,00000000), ref: 72C7E0E0
Memory Dump Source
• Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
• Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 61080dca012a60b1fdcd8050d1c3e8f3ca2c117bdf09d8d8e52357d2eb8fb97d
• Instruction ID: 82c25a2bf8adcbc6cd491235703ed8e7b57db207739e3c5dce3c06f407bae725
• Opcode Fuzzy Hash: 61080dca012a60b1fdcd8050d1c3e8f3ca2c117bdf09d8d8e52357d2eb8fb97d
• Instruction Fuzzy Hash: 64F0A033854292EBC3519F3EAD04A4B3AA8AFE2720F164968E40096304DA35E926D692

Control-flow Graph
control_flow_graph 179 72c7e3a9-72c7e3c4 GetForegroundWindow call 72c802f0 182 72c7e3c9-72c7e409 179->182
APIs
• GetForegroundWindow.USER32 ref: 72C7E3BA
Memory Dump Source
• Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
• Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
Similarity
• API ID: ForegroundWindow
• String ID:
• API String ID: 2020703349-0
• Opcode ID: f46bf5fa33a3d2f5a208ee19c6572bf81e1516989a2a00b0c2f1e383b82b77bd
• Instruction ID: f620c24a3013679135c99639bc398535818162e687a75d1d074d1c34111bbe6a
• Opcode Fuzzy Hash: f46bf5fa33a3d2f5a208ee19c6572bf81e1516989a2a00b0c2f1e383b82b77bd
• Instruction Fuzzy Hash: 2FF08CBBE905928FDB04CF56CC506A433A2B7E831632DCA6DD502A3308DA74A902CA51

Control-flow Graph
control_flow_graph 183 72c7c570-72c7c57c 184 72c7c585-72c7c597 call 72c7f990 RtlFreeHeap 183->184 185 72c7c583-72c7c584 183->185
APIs
• RtlFreeHeap.NTDLL(?,00000000,?,72C7E0F9), ref: 72C7C590
Memory Dump Source
• Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
• Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
Similarity
• API ID: FreeHeap
• String ID:
• API String ID: 3298025750-0
• Opcode ID: c489af5ae98f7bf0f8e21dc15f0c9a2c6a9a1b79d3e333b4079f6ea6ff7695e7
• Instruction ID: 8bb4590a2d0c89bca9cd42cd9fd8fb561b1c5ec9a933ede012307a05b5f59056
• Opcode Fuzzy Hash: c489af5ae98f7bf0f8e21dc15f0c9a2c6a9a1b79d3e333b4079f6ea6ff7695e7
• Instruction Fuzzy Hash: 8CD0A932445122EBCA40AF28BC01BC73A589F68320F030880A0406A160C220EC80CAC0

Control-flow Graph
control_flow_graph 189 72c7c55b-72c7c568 RtlAllocateHeap
APIs
• RtlAllocateHeap.NTDLL(?,00000000), ref: 72C7C561
Memory Dump Source
• Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
• Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 11e8acb9fd0dde65895eb4a3c0f95f0c4d5716f0f5c2ac0ecd859488aa041aed
• Instruction ID: 56f24585265c6d01c482d7b64e364f47ca60297f0ff9b213dc2ce3b5e4fba49c
• Opcode Fuzzy Hash: 11e8acb9fd0dde65895eb4a3c0f95f0c4d5716f0f5c2ac0ecd859488aa041aed
• Instruction Fuzzy Hash: 1DA012310800509BC5111A11BC08FC13E20DB14220F130140F040540B182208C41C580

APIs
Memory Dump Source
• Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
• Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
Similarity
• API ID: Uninitialize
• String ID:
• API String ID: 3861434553-0
• Opcode ID: fc577955f67ac39d97a92358e2cd3e338c06159afe6ed9cf15440a7fdd49fbbc
• Instruction ID: c4297e45f542da537761bf4a72d7da122ab54992fd68286ceae7bca1e5820405
• Opcode Fuzzy Hash: fc577955f67ac39d97a92358e2cd3e338c06159afe6ed9cf15440a7fdd49fbbc
• Instruction Fuzzy Hash: 02C012376AC0C09BD308C6668C655673A569FBA288326EA1DC94687305EBF454118A41

Strings
Memory Dump Source
• Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
• Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
Similarity
• API ID:
• String ID: %"$+A#C=]=_$- $f$8]pY$9#'$=]=_$CNF8$Fm$I$JOSP$Q*RG$R03!$V]$].n^$_^]\$_^]\$eN$g}zh$lev-tolstoi.com$s$wdnf$~SS}$rp
• API String ID: 0-796191818
• Opcode ID: e77fb34321e9b9b52073da323b85872f9ba98986cd6de5e406c43bbbec052a9f
• Instruction ID: 1c71f1f24633ac8c16540910ab72492a564e79b2810a25516132b4c8a68f6fdb
• Opcode Fuzzy Hash: e77fb34321e9b9b52073da323b85872f9ba98986cd6de5e406c43bbbec052a9f
• Instruction Fuzzy Hash: FDB2F2B2A08341CFD714CF29C89176ABBB2FF95314F298A6CE4959B395D734D802CB91
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
Similarity
• API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
• String ID: '$($*$-$5$6$8$;$=$I$L$q$}
• API String ID: 2832541153-2064290267
APIs
• CoCreateInstance.OLE32(72C8368C,00000000,00000001,72C8367C,00000000), ref: 72C794CF
• SysAllocString.OLEAUT32(00001F7A), ref: 72C79550
• CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 72C7958E
• SysAllocString.OLEAUT32(8DFD93FD), ref: 72C79625
• SysAllocString.OLEAUT32(4A105420), ref: 72C79706
• VariantInit.OLEAUT32(?), ref: 72C79774
• VariantClear.OLEAUT32(?), ref: 72C798BC
• SysFreeString.OLEAUT32 ref: 72C798DF
• SysFreeString.OLEAUT32(?), ref: 72C798E5
• SysFreeString.OLEAUT32(00000000), ref: 72C798F6
Strings
Similarity
• API ID: String$AllocFree$Variant$BlanketClearCreateInitInstanceProxy
• String ID: :;$%$=hn$Jtuj$O^$SB$b{tu$gd$t"j
• API String ID: 2485776651-1335595022
Strings
Similarity
• API ID:
• String ID: !A/C$$Y)[$1Q>S$DE$O=q?$P-X/$S%g'$Z)o+$f!V#$r$s1z3$}5x7$}9F;
• API String ID: 0-3413813421
Strings
Similarity
• API ID:
• String ID: "nl$#M%O$*"$4UW$\701$\701$a`|v$wt$AC$MO$pv$uvw
• API String ID: 0-635595044
Strings
Similarity
• API ID:
• String ID: +A#C=]=_$=]=_$_^]\$eN$rp
• API String ID: 0-2225558837
Strings
Similarity
• API ID:
• String ID: AL$CPm5$O}nl$Yxqs$f>mI$hch&$t|f$uvqs$
• API String ID: 0-1556426300
Strings
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: 47:$ " $220$AZDH$UXWZ$nV[k$pMC@$:/'
                                                                                                                                                                                                                                      • API String ID: 0-3711047884
Strings
Similarity
• API ID: InitializeThunk
• String ID: /$BVLm$_^]\$_^]\$_^]\$_^]\$_^]\
• API String ID: 2994545307-2892575238
Strings
Similarity
• API ID:
• String ID: >$HYZF$HYZF$UMAG$Y2^0$]><
• API String ID: 0-2666672646
APIs
Strings
Similarity
• API ID: Uninitialize
• String ID: 6=.)$<1!9$`{tu$lev-tolstoi.com
• API String ID: 3861434553-1386727196
APIs
• RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 72C684BD
• RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 72C685B4
Strings
Similarity
• API ID: EnvironmentExpandStrings
• String ID: LF7Y$_^]\
• API String ID: 237503144-3688711800
APIs
• RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 72C684BD
• RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 72C685B4
Strings
Similarity
• API ID: EnvironmentExpandStrings
• String ID: LF7Y$_^]\
• API String ID: 237503144-3688711800
Strings
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: 2h?n$7$SP$^`/4$gfff
                                                                                                                                                                                                                                      • API String ID: 0-3257051659
                                                                                                                                                                                                                                      • Opcode ID: 26a58d1228707e468bcc1e770b982ac75f41587ccc9b18842ef8cdb4681b4d81
                                                                                                                                                                                                                                      • Instruction ID: f72f6b225b11a84265dcb30a551486de20c4fca6ad854694b823e0883cee2363
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 26a58d1228707e468bcc1e770b982ac75f41587ccc9b18842ef8cdb4681b4d81
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 07A13772A142508BD314CF29CD5176FBBE2FBD4318F69CA2DD48AD7395EA38C8428785
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?), ref: 72C691DA
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                      • String ID: +Ku$wpq
                                                                                                                                                                                                                                      • API String ID: 237503144-1953850642
                                                                                                                                                                                                                                      • Opcode ID: 299ea5ff109f30334631e58458856269d4d36f1034fd5006e38a572b7846a986
                                                                                                                                                                                                                                      • Instruction ID: 3dc10d723d26f6d8eee7883a6dbb3e7bcb044402c14cb30fb33a0d99e9f21305
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 299ea5ff109f30334631e58458856269d4d36f1034fd5006e38a572b7846a986
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D251CE7221C3518FC314CF69988176FB7F2EBC5310F15892DE4AACB285DB30D60A8B92
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: MetricsSystem
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 4116985748-3916222277
                                                                                                                                                                                                                                      • Opcode ID: 46fae7ac221e462fa1bd517b88b44838e8e1e8952e6bae866075233eb720763d
                                                                                                                                                                                                                                      • Instruction ID: 0755e25c0ea87fa8f9b32e32d5ff120ff60ac67351824cb9c587d1fa52667eb3
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 46fae7ac221e462fa1bd517b88b44838e8e1e8952e6bae866075233eb720763d
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0F5162B1E142489FCB40EFADD98569DBBF0BB48310F10852EE898E7350E734A945CF92
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,?), ref: 72C69170
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                      • String ID: M/($M/(
                                                                                                                                                                                                                                      • API String ID: 237503144-1710806632
                                                                                                                                                                                                                                      • Opcode ID: c37101561110a5e3a56eee9c6f13a93edf26f76bb6924eb6dba7f20ee9ade939
                                                                                                                                                                                                                                      • Instruction ID: be2afe2572cbe22aebaaaec8844e3abd77c6b2b1cc1b175ed60842af8bc4620b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c37101561110a5e3a56eee9c6f13a93edf26f76bb6924eb6dba7f20ee9ade939
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 742123716583515FE714CE38DC8279FB7AAEBD2700F11892CE0D1EB1C5D675880B8752
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: 1$A
                                                                                                                                                                                                                                      • API String ID: 0-719046165
                                                                                                                                                                                                                                      • Opcode ID: 6880b94caaa2b9775e65e87bff26e4ac5f9e6f4726df1c138d6b4f417168255c
                                                                                                                                                                                                                                      • Instruction ID: eafcf670c91f40432f5afb900797a15dd777444486ee76cb27b80699e837b530
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6880b94caaa2b9775e65e87bff26e4ac5f9e6f4726df1c138d6b4f417168255c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 52D116755083508BD718CF28C851BABBBE1FFD5318F089A6DE5DACB241DB388506CB96
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: C@$_^]\
                                                                                                                                                                                                                                      • API String ID: 0-1259475386
                                                                                                                                                                                                                                      • Opcode ID: a898e46164b98d770bede86ea40384378d0603a94dd4560820d1a2bd95851f03
                                                                                                                                                                                                                                      • Instruction ID: eed88153c55d99c4d88aad1a21fead9f26bfbd0f6d98dc911678f43855892667
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a898e46164b98d770bede86ea40384378d0603a94dd4560820d1a2bd95851f03
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 37B108A1A042005BE715DF29CC9273BB7F6EFE5224F15991CE89797382E235D906C353
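The function records above are the report's own similarity output for the 72C40000 region. As an added example, not part of the Joe Sandbox report, here is a small Python parser that turns this block format into dicts so the records can be queried during triage (which functions reference a given NTDLL export, at what offset relative to the dump base, and under which opcode ID). The sample input is assembled from two records visible in this listing; the trailing "Download File" on an Associated line is the link text the HTML export glues onto the dump name, and the parser strips it. The record-terminator rule (a record ends at its Instruction Fuzzy Hash line) and the field names are my assumptions about the exported text, not a documented Joe Sandbox format.

```python
"""Parse Joe Sandbox function-similarity records (APIs / Strings / Memory Dump
Source / Joe Sandbox IDA Plugin / Similarity blocks) into dicts for triage."""
import re
from collections import Counter

# Constructed sample: two records copied in the shape of the report's listing.
SAMPLE = """\
APIs
• RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?), ref: 72C691DA
Strings
Memory Dump Source
• Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
• Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
Similarity
• API ID: EnvironmentExpandStrings
• String ID: +Ku$wpq
• API String ID: 237503144-1953850642
• Opcode ID: 299ea5ff109f30334631e58458856269d4d36f1034fd5006e38a572b7846a986
• Instruction ID: 3dc10d723d26f6d8eee7883a6dbb3e7bcb044402c14cb30fb33a0d99e9f21305
• Opcode Fuzzy Hash: 299ea5ff109f30334631e58458856269d4d36f1034fd5006e38a572b7846a986
• Instruction Fuzzy Hash: D251CE7221C3518FC314CF69988176FB7F2EBC5310F15892DE4AACB285DB30D60A8B92
Strings
Memory Dump Source
• Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
Similarity
• API ID:
• String ID: 1$A
• API String ID: 0-719046165
• Opcode ID: 6880b94caaa2b9775e65e87bff26e4ac5f9e6f4726df1c138d6b4f417168255c
• Instruction ID: eafcf670c91f40432f5afb900797a15dd777444486ee76cb27b80699e837b530
• Opcode Fuzzy Hash: 6880b94caaa2b9775e65e87bff26e4ac5f9e6f4726df1c138d6b4f417168255c
• Instruction Fuzzy Hash: 52D116755083508BD718CF28C851BABBBE1FFD5318F089A6DE5DACB241DB388506CB96
"""

SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
# "Name.MODULE(args), ref: hexaddr" as the APIs section prints call sites.
API_RE = re.compile(r"^(?P<name>\w+)\.(?P<module>[\w.]+)\((?P<args>[^)]*)\), ref: (?P<ref>[0-9A-Fa-f]+)$")
SRC_RE = re.compile(r"^Source File: (?P<file>\S+), Offset: (?P<off>[0-9A-Fa-f]+), based on PE: (?P<pe>true|false)$")
LINK_RESIDUE = "Download File"  # link text the HTML export appends to dump names


def _new_record():
    return {"apis": [], "strings": [], "associated": [], "similarity": {}}


def parse_records(text):
    """Split the listing into records; assumption: a record ends at its
    'Instruction Fuzzy Hash' line, since the 'APIs' header is optional."""
    records, rec, section = [], _new_record(), None
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTIONS:
            section = line
            continue
        if not line.startswith("• "):
            continue  # blank or unknown line
        field = line[2:]
        if field.endswith(LINK_RESIDUE):
            field = field[: -len(LINK_RESIDUE)].rstrip()
        if section == "APIs":
            m = API_RE.match(field)
            if m:
                call = m.groupdict()
                call["args"] = call["args"].split(",")
                call["ref"] = int(call["ref"], 16)
                rec["apis"].append(call)
        elif section == "Strings":
            rec["strings"].append(field)
        elif section == "Memory Dump Source":
            m = SRC_RE.match(field)
            if m:
                rec["source"] = m.group("file")
                rec["offset"] = int(m.group("off"), 16)   # dump base address
                rec["based_on_pe"] = m.group("pe") == "true"
            elif field.startswith("Associated: "):
                rec["associated"].append(field[len("Associated: "):])
        elif section == "Joe Sandbox IDA Plugin":
            key, _, val = field.partition(":")
            rec[key.strip().lower().replace(" ", "_")] = val.strip()
        elif section == "Similarity":
            key, _, val = field.partition(":")
            rec["similarity"][key.strip()] = val.strip()
            if key.strip() == "Instruction Fuzzy Hash":
                records.append(rec)
                rec, section = _new_record(), None
    return records


def calls_to(records, api_name):
    """(opcode ID, call-site offset relative to the dump base) for every
    record whose APIs section references api_name."""
    return [(r["similarity"].get("Opcode ID"), c["ref"] - r["offset"])
            for r in records for c in r["apis"] if c["name"] == api_name]


def api_histogram(records):
    """How often each API name appears across the parsed records."""
    return Counter(c["name"] for r in records for c in r["apis"])


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    print(len(recs), "records;", dict(api_histogram(recs)))
    for opcode_id, rel in calls_to(recs, "RtlExpandEnvironmentStrings"):
        print(f"{opcode_id[:16]}... calls RtlExpandEnvironmentStrings at base+{rel:#x}")
```

Feed the whole listing (copied from the report page) to `parse_records` and use `calls_to` to find every function in the dumped 72C40000 image that references a given export; the relative offset it returns is what you would look up in the downloaded .sdmp or the IDA snapshot, since `ref` values in the report are absolute addresses in the sandboxed process.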
Strings
Memory Dump Source
• Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
• Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
Similarity
• API ID:
• String ID: EWC`
• API String ID: 0-1922773688
                                                                                                                                                                                                                                      • Opcode ID: 41fe52dae277590a098fe4bb1a53dfbe2c8fab9eba0f905e21f3817d44c1f8a9
                                                                                                                                                                                                                                      • Instruction ID: 3f37e39b2683a934ab65584dbbb139e2c40a5ea03ef60a33b841c60a53479662
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 41fe52dae277590a098fe4bb1a53dfbe2c8fab9eba0f905e21f3817d44c1f8a9
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 32D13270505B428BC3258F29C4A17A3BBF2FFA2314F28552CE5D78B699E73AE406C754
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(1A11171A), ref: 72C6D2A4
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FreeLibrary
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3664257935-0
                                                                                                                                                                                                                                      • Opcode ID: 5f1ed4b3d3f20cc372cbba8728561fad4f070d97d716efcd4d8fe47ea01b939e
                                                                                                                                                                                                                                      • Instruction ID: 8c3c8d0e03ed694247dd38681046e3e82517470761b29e3dfcdf80d4143d5df5
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5f1ed4b3d3f20cc372cbba8728561fad4f070d97d716efcd4d8fe47ea01b939e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C441C3705043819BE3158F39C9E0B63BFE1EF67314F28868CD5D64B296D625D816C751
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: ><+
                                                                                                                                                                                                                                      • API String ID: 0-2918635699
                                                                                                                                                                                                                                      • Opcode ID: 589730f44867dbd3fe64943969d4625b71e2c89851dc653ce60dee7affd1cd31
                                                                                                                                                                                                                                      • Instruction ID: 6cb8343d9ad159cc67a615bfd9677e1ee046f19fe6c89dfde2acac91bd362cca
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 589730f44867dbd3fe64943969d4625b71e2c89851dc653ce60dee7affd1cd31
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C8C1A1756047818FD715CF2AC490762FBF2AF9A314B28859DC4DA8B752D735E806CB50
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: "
                                                                                                                                                                                                                                      • API String ID: 0-123907689
                                                                                                                                                                                                                                      • Opcode ID: d05c80c795993c871168dd86f7d1ea5d1d218413b04f758d20a6faf4e3c25647
                                                                                                                                                                                                                                      • Instruction ID: 36e8ca2da88c4285ef74394953533ea3e2fba5a839d4e2efc11b07c3d88e995d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d05c80c795993c871168dd86f7d1ea5d1d218413b04f758d20a6faf4e3c25647
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E5C119B2A043445FD7158E2DC4D077BBBEAAFE4314F09892DE89A97381EB34E845C791
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001F,00000000,00000000,?), ref: 72C69F6C
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 237503144-0
                                                                                                                                                                                                                                      • Opcode ID: 03931c0ee3c894ed1e7081685cf11bca85bb2a99e3e6f5f51b5975ed00d3b387
                                                                                                                                                                                                                                      • Instruction ID: 0c3fb3b70422f0b230c9e3280699504afd0c50e640ad57c8852998142cc6b2e2
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 03931c0ee3c894ed1e7081685cf11bca85bb2a99e3e6f5f51b5975ed00d3b387
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0841E2B554C340CFE3008F25A88266BBBF5EBD2714F209D6CE6929B291D735D54BCB82
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                                                                                                      • String ID: _^]\
                                                                                                                                                                                                                                      • API String ID: 2994545307-3116432788
                                                                                                                                                                                                                                      • Opcode ID: 3ac50b92ff5f7a0642eac576d0f9eb6b11634079a6aeb40372d9b28aa7f6b2a2
                                                                                                                                                                                                                                      • Instruction ID: 00a873a12c4bec170545ea3883a2755b7a888d5936fe33adc2e93db8c4fb5753
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3ac50b92ff5f7a0642eac576d0f9eb6b11634079a6aeb40372d9b28aa7f6b2a2
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 43712672A047024FD708DE2DCCD072EBBA6EBE5624F19863DD49797399D6309941C781
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
• Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
• Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
Similarity
• API ID:
• String ID: N&
• API String ID: 0-3274356042
• Opcode ID: 5665b64be25d203cd2c098854cb0f624d733d04435fb67f576dcce93946ba0a9
• Instruction ID: 27c1ec8e42747c089b8b123e81ffb07e23350837b758712f2c1fb5e25d9b7a9d
• Opcode Fuzzy Hash: 5665b64be25d203cd2c098854cb0f624d733d04435fb67f576dcce93946ba0a9
• Instruction Fuzzy Hash: 3551E725614B804BD72ACB3EC8513B7BBE3ABE7314B58969DC4D7C7686CA3CE1068710
Strings
Memory Dump Source
• Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
• Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
Similarity
• API ID:
• String ID: N&
• API String ID: 0-3274356042
• Opcode ID: 67778d2b500347c8f6d70a6dff6ebacd1377335ec9b4928ea528ea997ceaea96
• Instruction ID: bec86c7ea79c96c888ff96f52c7279be26b2b528aa7b521bcd9bb81d527e98fd
• Opcode Fuzzy Hash: 67778d2b500347c8f6d70a6dff6ebacd1377335ec9b4928ea528ea997ceaea96
• Instruction Fuzzy Hash: 1B510825614BC04AD72ACB3AC8503B37BE3AFE7314F58969DC4D7D7A86CA3CA0028710
Strings
Memory Dump Source
• Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
• Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
Similarity
• API ID:
• String ID: @
• API String ID: 0-2766056989
• Opcode ID: dbb30c95de9822867e1a3469e31d8e7f1c7048795ce33ecf2797a703ce94cb88
• Instruction ID: 6313eed8fb551813fd00674aa4d61fb46bb3c5a8ae2cd4986a68cea52479b929
• Opcode Fuzzy Hash: dbb30c95de9822867e1a3469e31d8e7f1c7048795ce33ecf2797a703ce94cb88
• Instruction Fuzzy Hash: E941F0B29043109BD705CF18CC56B6BBBE2FFE5358F149A1CE58A5B3A0E3759904CB82
Strings
Memory Dump Source
• Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
• Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
Similarity
• API ID:
• String ID: 0$z
• API String ID: 0-542936926
• Opcode ID: 39ab586f5e999548821ca83dad873216abc4af67417f2f31f134f8ac7be989e3
• Instruction ID: fd889885270086e40ddf5b8b4c13b3fbe61d8e137e366543d84bc37e0c6f9ca7
• Opcode Fuzzy Hash: 39ab586f5e999548821ca83dad873216abc4af67417f2f31f134f8ac7be989e3
• Instruction Fuzzy Hash: AB3105B2A193128FD340DE28C88071BBBE6EBE5724F19C92CE485A7346D376D942C7D1
Strings
Memory Dump Source
• Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
• Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
Similarity
• API ID:
• String ID: ,-
• API String ID: 0-1027024164
• Opcode ID: f03900367e77a19023a08ba0b9c494200b74c7219e7791d8082fc1faacc84a8d
• Instruction ID: 17c4aec696578ba9e098cde90741933142f691792ca22af8ae889de4bdcc28c2
• Opcode Fuzzy Hash: f03900367e77a19023a08ba0b9c494200b74c7219e7791d8082fc1faacc84a8d
• Instruction Fuzzy Hash: 462137A19553008BC3159F2DCC92637B7B2EFD2266F45961CE4868B352F7B4C906C7A2
Strings
Memory Dump Source
• Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
• Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
Similarity
• API ID: InitializeThunk
• String ID: @
• API String ID: 2994545307-2766056989
• Opcode ID: 3fbd1981f99873e8961414f5555c365cdb3ae45abda99689729feee5d24243a6
• Instruction ID: b7ec70c768de17e56e89dc3da87a37ca3876c03003f63da1ad42a00031aa705a
• Opcode Fuzzy Hash: 3fbd1981f99873e8961414f5555c365cdb3ae45abda99689729feee5d24243a6
• Instruction Fuzzy Hash: 0B31E1725483048BD304DE58C8D266FBBF5EBD5328F14892CE69A87390D735D848CB92
Strings
Memory Dump Source
• Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
• Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
Similarity
• API ID:
• String ID: ses`
• API String ID: 0-1601344200
• Opcode ID: 5152013babc3b36c107958c39b0feab8ed73559e8af87732ea39a45d2f7c1d5d
• Instruction ID: 788d1233b391264a5543285841ef2c7c1b0244deb95bf5a2a97457d7c7d9ed61
• Opcode Fuzzy Hash: 5152013babc3b36c107958c39b0feab8ed73559e8af87732ea39a45d2f7c1d5d
• Instruction Fuzzy Hash: 3211E6615446C28BEB178F3ACC60722BBF2AF73254F2896D8D0D2DB296C225C452CB20
Strings
Memory Dump Source
• Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
• Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: _^]\
                                                                                                                                                                                                                                      • API String ID: 0-3116432788
                                                                                                                                                                                                                                      • Opcode ID: ce722ba43f2aeab3a0f84d0b0430ad6adb0840d3dd34b49d02a5f1163e562b36
                                                                                                                                                                                                                                      • Instruction ID: 2673e8718623e2d925deb67a7ad92b2c93f2e5691cc26631207c83f3518ec5f7
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ce722ba43f2aeab3a0f84d0b0430ad6adb0840d3dd34b49d02a5f1163e562b36
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A501FDB1A49741C7D308CB19C59162BB7E2BBE9714F289B1CC48323749C330A8468BC6
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 79629f29ef22bd4ebc1eca5c83dd3f0ab08e8c5b6ffb90968eb7d68a128c648a
                                                                                                                                                                                                                                      • Instruction ID: b07c347be0eacfb69f49c3365072b95aaede1369f22332d62b0442525e8467bc
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 79629f29ef22bd4ebc1eca5c83dd3f0ab08e8c5b6ffb90968eb7d68a128c648a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B922F036A54251CFC718CF69CCE12AAB7A2FB99314F2E8A7DC94697341D735A841CB80
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 2b1b421bc2b79de2bbf2d9608158f8ed8712bacb23e6b8d94726c066386c0b35
                                                                                                                                                                                                                                      • Instruction ID: 0a32375d3a1d55647b16bd0c5321d086532e5a21e1c2c11fbcb21c63270e763b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2b1b421bc2b79de2bbf2d9608158f8ed8712bacb23e6b8d94726c066386c0b35
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1952B0316083458BC705CF29C4906ABBFF2BFD8358F25966DE89A57382DB35D849CB81
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 6e797157fb35717b6a91bbe19d3c6782b16ec68ef1e5ad1ec3f47f605a4e618f
                                                                                                                                                                                                                                      • Instruction ID: 4add6e702fd0d89cd26447fce6f14b29733f8e274ec23aa45bf60d9b6fffc25f
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6e797157fb35717b6a91bbe19d3c6782b16ec68ef1e5ad1ec3f47f605a4e618f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9022E531A083118BC325DF1CD9816ABB7F2FFD4319F19992DD9C697285DB34A819CB82
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 724d864883be28073fcb498bb04eecdf19646c97301887b34b55a7e1fbb0b270
                                                                                                                                                                                                                                      • Instruction ID: e142da88649eee7aa681e7f6825c91fb82782ba66ad3a767eda89586cc1c4395
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 724d864883be28073fcb498bb04eecdf19646c97301887b34b55a7e1fbb0b270
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B002F236B54251CFD718CF79C8E02AAB7A2FB99314F2E8A7DC94693341D735A851CB80
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 9b8df791470a9236ed139514b4ebbc5ab66870113a63e0a438b20ff4a956eb26
                                                                                                                                                                                                                                      • Instruction ID: 2071756139c5264709a7b59ec2bf7cae01f04cc84e50c8386261bc75ef6b8ebc
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9b8df791470a9236ed139514b4ebbc5ab66870113a63e0a438b20ff4a956eb26
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C3F1F436B54251CFD718CF79C8E02AAB7A2FB99314F2E8A7DC94693341D735A851CB80
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmpDownload File
• Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2f404b6d727ea3f44db5d0fec0b0c18087ee5a2b190e2d8d7592a5311162cef2
• Instruction ID: 6a6510796acf800112cf2f4d056e984f6a5413076383c7bea5c99c7699e8afb2
• Opcode Fuzzy Hash: 2f404b6d727ea3f44db5d0fec0b0c18087ee5a2b190e2d8d7592a5311162cef2
• Instruction Fuzzy Hash: ECF1F436B54251CFD718CF79C8E02AAB7A2FB99314F2E8A7DC94693341D735A851CB80
Memory Dump Source
• Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
• Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 91ac5a85c8d8672ecf355c4484b4ef3f82979e43058e28f52cfc761d5e6ff929
• Instruction ID: 94adaadb386d9de1292afb78d4f45c32a163eeccea043947f1958cf343dcf045
• Opcode Fuzzy Hash: 91ac5a85c8d8672ecf355c4484b4ef3f82979e43058e28f52cfc761d5e6ff929
• Instruction Fuzzy Hash: BBE1F4B1A00215CBCB14CF6DC8517BBBBB1FF5A310B24465CE892AB395E334E951CB94
Memory Dump Source
• Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
• Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a4cf085a3c4514a62b801c5bad1c79d8bb6631f15d7e07756d7c93c0a4d17e7c
• Instruction ID: 63b93cabff4c09d2a09e6cb6c6e043799797ebee9c7afe2da28500f374bfa6f0
• Opcode Fuzzy Hash: a4cf085a3c4514a62b801c5bad1c79d8bb6631f15d7e07756d7c93c0a4d17e7c
• Instruction Fuzzy Hash: C0E1F5B1A00615CBCB14CF6DC8517BBBBB1FF9A310B24465CE492AB395E334E952CB94
Memory Dump Source
• Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
• Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a4f01baa346d380f1a378b02d9ce0389d71791b1e85cf68cf38a685c00bab6a7
• Instruction ID: dc866b5e68b17f4a2692f623cfed3ed708e9a7d84688cc460095a5524412dea3
• Opcode Fuzzy Hash: a4f01baa346d380f1a378b02d9ce0389d71791b1e85cf68cf38a685c00bab6a7
• Instruction Fuzzy Hash: 7EB11036A04245CFDB14CF79C8902AEB7B2FF99314F298A6DD94A93341D735A912CB80
Memory Dump Source
• Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
• Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 05be47bd4888361448552ce63a8ddb3180d2f1370dbc0b76bdea39008dab90b4
• Instruction ID: 1dc1042a3aee1627d0e3f188325b92c19c7e94f75c9510c209568c1d365fa6db
• Opcode Fuzzy Hash: 05be47bd4888361448552ce63a8ddb3180d2f1370dbc0b76bdea39008dab90b4
• Instruction Fuzzy Hash: 6481F1356043058BE715DE1DC890A2A77F2FFE9758F15C52CE8869B395EB30D891CB82
Memory Dump Source
• Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
• Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
• Instruction ID: a19cf5af102ba576bef60c19968433c3f9aa45770e2b7ef87f6dab9ed75fdd1c
• Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
• Instruction Fuzzy Hash: BE11C633A051D40ED3128D3C8440565BFE30AF3734B29439DE4B9AB3D6D6228D8A8354
Memory Dump Source
• Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
• Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7b5d740ace398df56c1bc651b30677a1090a792db8fb55b3a5b1b7746f8ad41c
• Instruction ID: 5eaee53946b5f6a9afaa5f702f2c92959d864ade7d3f5dcaeeb3c6cdc6d676be
• Opcode Fuzzy Hash: 7b5d740ace398df56c1bc651b30677a1090a792db8fb55b3a5b1b7746f8ad41c
• Instruction Fuzzy Hash: 6F0171F160030297E7109E5CD5C0B37BAB9AFE5708F1C552DD80757301DB76E80AC6A1
Memory Dump Source
• Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
• Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 1a449bc12dccc96a001ba33cf638a7af8b1c26dc328d2823da4fe9a536677627
                                                                                                                                                                                                                                      • Instruction ID: d754808561cdab0cc753ed1ae7b3bf9b2102e8a234551324c609412a5ab155d8
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1a449bc12dccc96a001ba33cf638a7af8b1c26dc328d2823da4fe9a536677627
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C60126B2B502234BD711DE5ADCC0B2B7766E7F5676F298579D58267309D23088418290
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
                                                                                                                                                                                                                                      • Instruction ID: 5580493ce0986b8d643997b41ad6637cc5913d1bfadd7ea23bc11d12d502a74d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E6F04460104B914AD3328F3AC5643A3BFF09F23218F641A8CC5D7576D2D376E10AC798
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 0057a7699902e11f434577b59f93575e844e41ea0d416c12e73b52c1f8bfeec4
                                                                                                                                                                                                                                      • Instruction ID: e2497a706f55f70b44f9bccfec8f00309c1655201aa468638144f503e2169d61
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0057a7699902e11f434577b59f93575e844e41ea0d416c12e73b52c1f8bfeec4
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BDF0F6254096C38AD705CE2AC0B0770FBB26F77208F2801DDC4C2AB683C726C9068710
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
                                                                                                                                                                                                                                      • Instruction ID: 9e056d04943bacb8a78cbd18158867ad194e6dc0916b1da33885cdadbb3e157c
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 43F06C104087D246D713463E44507B2BFF19FA3021B141BD5C8E2972CBD3059057D355
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: d65b1768279325292b2893ee314312dab91274cb2d5539a2c295fc870cfa5264
                                                                                                                                                                                                                                      • Instruction ID: ffc41eb50bc6cad73c4482d9225c40615d4b4b3b09ed43ff64b60859a7f04f12
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d65b1768279325292b2893ee314312dab91274cb2d5539a2c295fc870cfa5264
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 760144316402828BD304CE39CDE0667FFA1EB92324F08CB8CC4568B79AC634C842C784
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 94933d0d7cd96f20976412cdcc0d02a59cdb2ada6708e11bd50c29a50730f6df
                                                                                                                                                                                                                                      • Instruction ID: 761e29128b512decff7d1cf7962268413e40153a88236dfc88259718de9f0c23
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 94933d0d7cd96f20976412cdcc0d02a59cdb2ada6708e11bd50c29a50730f6df
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 98C012365820C49F8214CF21CC08679B774AB1B183B34ED0CD60BD3201CB22A502CA5D
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
                                                                                                                                                                                                                                      Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: bc5b0cf78f5354a78c14233090b51dd83e2dd1980fa62fbb75c6783d4ab0329d
• Instruction ID: 3d0afb36a8c57807202a859187bb3aa38cc0dd4367a7b1d4ce2235c5b7e68e58
• Opcode Fuzzy Hash: bc5b0cf78f5354a78c14233090b51dd83e2dd1980fa62fbb75c6783d4ab0329d
• Instruction Fuzzy Hash: 49B01270E4C202CAC308CF05C280139FAB473AF601F30B51DD04A63345C231C002CA8C
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
• Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
Similarity
• API ID: InitVariant
• String ID: A$B$B$D$K$M$j$q$w$y
• API String ID: 1927566239-3160828158
• Opcode ID: 8c47ad95a6727c3d244d84921b09de7afd8bdef561df148a6fa4fc5eb8b81bf7
• Instruction ID: 154be70aee4860be1d2589a8c3391275065121c9370a5b9578b8d1f1db1250c7
• Opcode Fuzzy Hash: 8c47ad95a6727c3d244d84921b09de7afd8bdef561df148a6fa4fc5eb8b81bf7
• Instruction Fuzzy Hash: BB41187050CBC18AD335DB38845879EBFD16BE2224F188A9DE6E94B3E2D7788445CB53
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp, Offset: 72C40000, based on PE: true
• Associated: 00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_72c40000_aspnet_regiis.jbxd
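Every function in this listing is attributed to the same set of .sdmp memory dumps of the aspnet_regiis process (pid 2, image base 72C40000). The following is an added example, not part of the Joe Sandbox report or its tooling, that decodes those identifiers so an analyst can see what kind of memory the disassembly came from. The field layout is an assumption inferred from the identifiers on this page: the first, second and fourth fields are corroborated by the snapshot name hcaresult_2_2_72c40000_aspnet_regiis.jbxd and the "Offset: 72C40000" note; the fifth and seventh fields are decoded on the assumption that they carry the Windows MEMORY_BASIC_INFORMATION Protect and Type values (the PAGE_* and MEM_* constants themselves are fixed winnt.h values); the sixth and eighth fields are kept raw. The input list is the five identifiers copied from the entry above.

```python
"""Decode Joe Sandbox memory-dump (.sdmp) identifiers into region attributes.

Added example; not code from the Joe Sandbox report. ASSUMED field layout:
    <pid>.<dump index>.<dump id>.<base address>.<protect>.<field6>.<type>.<field8>.sdmp
Fields 5 and 7 are interpreted as MEMORY_BASIC_INFORMATION.Protect / .Type.
"""
import re
from typing import NamedTuple

# Windows memory protection constants (winnt.h); these values are fixed.
PAGE_PROTECTION = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
PAGE_MODIFIERS = {0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE"}
EXECUTABLE_MASK = 0x10 | 0x20 | 0x40 | 0x80
# Windows region type constants (MEMORY_BASIC_INFORMATION.Type).
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}

# Constructed input: the five identifiers from the "Memory Dump Source" entry above.
DUMP_IDS = [
    "00000002.00000002.1739812110.0000000072C41000.00000020.00000400.00020000.00000000.sdmp",
    "00000002.00000002.1739801371.0000000072C40000.00000040.00000400.00020000.00000000.sdmp",
    "00000002.00000002.1739835956.0000000072C82000.00000002.00000400.00020000.00000000.sdmp",
    "00000002.00000002.1739847579.0000000072C85000.00000040.00000400.00020000.00000000.sdmp",
    "00000002.00000002.1739860083.0000000072C93000.00000002.00000400.00020000.00000000.sdmp",
]

# pid / index / dump id are read as decimal, base and flag fields as hex (assumption).
SDMP_RE = re.compile(
    r"^(?P<pid>\d{8})\.(?P<index>\d{8})\.(?P<dump_id>\d+)\."
    r"(?P<base>[0-9A-Fa-f]{16})\.(?P<protect>[0-9A-Fa-f]{8})\.(?P<field6>[0-9A-Fa-f]{8})\."
    r"(?P<mtype>[0-9A-Fa-f]{8})\.(?P<field8>[0-9A-Fa-f]{8})\.sdmp$"
)


class DumpRegion(NamedTuple):
    pid: int
    index: int
    dump_id: int
    base: int
    protect: int
    protect_name: str
    executable: bool
    mem_type: int
    type_name: str
    field6: int   # kept raw: meaning not established from the page
    field8: int   # kept raw: meaning not established from the page


def decode_sdmp(name: str) -> DumpRegion:
    """Split one .sdmp identifier into its fields (layout assumed, see module docstring)."""
    m = SDMP_RE.match(name.strip())
    if not m:
        raise ValueError(f"not a recognised .sdmp identifier: {name!r}")
    protect = int(m["protect"], 16)
    base_prot = protect & 0xFF
    names = [PAGE_PROTECTION.get(base_prot, f"PAGE_0x{base_prot:02X}")]
    names += [n for bit, n in PAGE_MODIFIERS.items() if protect & bit]
    mem_type = int(m["mtype"], 16)
    return DumpRegion(
        pid=int(m["pid"], 10), index=int(m["index"], 10), dump_id=int(m["dump_id"], 10),
        base=int(m["base"], 16), protect=protect, protect_name="|".join(names),
        executable=bool(base_prot & EXECUTABLE_MASK),
        mem_type=mem_type, type_name=MEM_TYPE.get(mem_type, f"MEM_0x{mem_type:X}"),
        field6=int(m["field6"], 16), field8=int(m["field8"], 16),
    )


def image_layout(names):
    """Decode identifiers the report groups as one image; return (image base, regions
    sorted by address). The lowest base should equal the reported "Offset: 72C40000"."""
    regions = sorted((decode_sdmp(n) for n in names), key=lambda r: r.base)
    return regions[0].base, regions


def executable_private_regions(names):
    """Regions that are executable and MEM_PRIVATE. Under the assumed field layout this is
    code the image loader did not map (loader-mapped images are MEM_IMAGE), i.e. the
    footprint the disassembly above was taken from inside aspnet_regiis."""
    return [r for r in map(decode_sdmp, names) if r.executable and r.type_name == "MEM_PRIVATE"]


if __name__ == "__main__":
    base, regions = image_layout(DUMP_IDS)
    print(f"image base 0x{base:08X} in pid {regions[0].pid}")
    for r in regions:
        print(f"  0x{r.base:08X}  {r.protect_name:<24} {r.type_name:<12} exec={r.executable}")
```

If the decode is right, the three executable regions (72C40000, 72C41000, 72C85000) are all MEM_PRIVATE, which is the shape one expects from a PE written into a remote process rather than loaded from disk; if a future report shows a different field order, only SDMP_RE and the two dictionary lookups need to change.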
Similarity
• API ID: Variant$ClearInit
• String ID: C$C$P$T
• API String ID: 2610073882-3051599793
• Opcode ID: ac8842b7d1af7027a5585f67b1b4638a1a3ac90b097c4fafeafb14a651bec445
• Instruction ID: 6854bb69e8b5e882c9201e9ca47fc21fb8d29ca268cae6de714e15674aa5ffde
• Opcode Fuzzy Hash: ac8842b7d1af7027a5585f67b1b4638a1a3ac90b097c4fafeafb14a651bec445
• Instruction Fuzzy Hash: EB41C12010C7C18AD3729B38845979EBFE06BA6224F488A9DD4ED8B3D2DB754049DB63